21 matches found
CVE-2026-42046
creationtimestamp| type| source ---|---|--- 2026-05-25 13:40:12+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mmom4bm7c32p...
Nixpkgs 安全漏洞
Nixpkgs is a collection of over 100,000 software packages open source from NixOS. It can be installed using the Nix package manager. Nixpkgs versions prior to 21.11, 25.11, and 26.05 have security vulnerabilities. These vulnerabilities stem from the database manager being exposed publicly without...
GHSA-28CF-XVCF-HW6M
creationtimestamp| type| source ---|---|--- 2026-01-17 12:45:03+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mcmndtqqbw2s...
GHSA-7CQ3-MHXQ-W946
creationtimestamp| type| source ---|---|--- 2026-01-17 12:45:03+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mcmndtqqbw2s...
CVE-2025-34451
creationtimestamp| type| source ---|---|--- 2026-01-17 12:06:13+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mcml6ev6c32v 2026-01-17 13:39:19+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mcmqeuwkfo2r...
CVE-2025-7039
creationtimestamp| type| source ---|---|--- 2025-11-06 08:05:06+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3m4x44wwmum2z...
CVE-2025-11677
creationtimestamp| type| source ---|---|--- 2025-11-02 11:32:23+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3m4nftvzd3u2z 2025-11-10 20:37:37+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3m5ci27wgej2z...
CVE-2025-59800
creationtimestamp| type| source ---|---|--- 2025-10-22 21:32:43+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3m3ssbbtafa2q 2026-01-28 12:05:17+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mdiaarqtys2s...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174
CVE-2024-47174 affects Nix’s fetchurl/builtin:fetchurl in versions 1.11 through before 2.18.8 and 2.24.8, where TLS certificates were not verified on HTTPS, risking leakage of full URLs and credentials (e.g., from netrc) under MITM. TOFU-style hash misupdates could also be abused. Affected compon...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-32657
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657
CVE-2024-32657 affects Hydra, the CI service for Nix-based projects. The vulnerability arises from a feature that lets Nix builds specify files served to clients, with HTML build artifacts being exploitable in the browser context and capable of triggering arbitrary code execution when viewed. Imp...
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
PT-2024-24749 · Hydra · Hydra
Name of the Vulnerable Software and Affected Versions: Hydra versions prior to the fix commit applied around 2024-04-21 14:30 UTC Description: Hydra, a Continuous Integration service for Nix-based projects, has an issue that allows attackers to execute arbitrary code in the browser context and...