| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39860 | Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination | NixOS | nix | Critical | 9.0 | 2026-04-08 20:58:23 | Deep Dive |
| CVE-2026-25740 | Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module | NixOS | nixpkgs | - | - | 2026-02-09 20:17:17 | Deep Dive |
| CVE-2026-25137 | NixOS Odoo database and filestore publicly accessible with default Odoo configuration | NixOS | nixpkgs | Critical | 9.1 | 2026-02-02 22:47:50 | Deep Dive |
| CVE-2026-23838 | Tandoor Recipes module allows SQLite database to be externally accessible with the default settings | NixOS | nixpkgs | - | - | 2026-01-19 18:14:56 | Deep Dive |
| CVE-2025-64766 | NixOS has hardcoded credentials in Onlyoffice module | NixOS | nixpkgs | Medium | 5.3 | 2025-11-17 21:38:10 | Deep Dive |
| CVE-2025-54864 | Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins | NixOS | hydra | - | - | 2025-08-12 15:48:54 | Deep Dive |
| CVE-2025-54800 | Hydra persistent XSS in build metrics | NixOS | hydra | - | - | 2025-08-12 15:47:11 | Deep Dive |
| CVE-2025-53819 | Nix's privilege dropping to build user broke for macOS | NixOS | nix | High | 7.9 | 2025-07-14 20:42:13 | Deep Dive |
| CVE-2025-46416 | Nix, Lix and GNU Guix security vulnerability | NixOS | Nix | Low | 2.9 | 2025-06-27 00:00:00 | Deep Dive |
| CVE-2025-52993 | Nix, Lix and GNU Guix race condition vulnerability | NixOS | Nix | Medium | 5.6 | 2025-06-27 00:00:00 | Deep Dive |
| CVE-2025-52992 | Nix, Lix and GNU Guix security vulnerability | NixOS | Nix | Low | 3.2 | 2025-06-27 00:00:00 | Deep Dive |
| CVE-2025-52991 | Nix, Lix and GNU Guix security vulnerability | NixOS | Nix | Low | 3.2 | 2025-06-27 00:00:00 | Deep Dive |
| CVE-2025-46415 | Nix, Lix and GNU Guix security vulnerability | NixOS | Nix | Low | 3.2 | 2025-06-27 00:00:00 | Deep Dive |
| CVE-2025-32435 | Hydra no restricted eval after nix-eval-jobs migration | NixOS | hydra | Low | 2.6 | 2025-04-15 22:19:47 | Deep Dive |
| CVE-2025-32438 | Local privilege escalation in make-initrd-ng | NixOS | nixpkgs | High | 8.8 | 2025-04-15 19:57:05 | Deep Dive |
| CVE-2024-51481 | Nix allows macOS sandbox escape via built-in builders | NixOS | nix | Medium | - | 2024-10-31 16:10:22 | Deep Dive |
| CVE-2024-47174 | Credential leak when credentials are used with `<nix/fetchurl.nix>` | NixOS | nix | Medium | 5.9 | 2024-09-26 17:27:54 | Deep Dive |
| CVE-2024-45593 | Nix affected by unsafe NAR unpacking | NixOS | nix | Critical | 9.0 | 2024-09-10 15:51:08 | Deep Dive |
| CVE-2024-45049 | Nix Hydra Missing authentication when triggering evaluations | NixOS | hydra | High | 7.5 | 2024-08-27 20:33:01 | Deep Dive |
| CVE-2024-43378 | calamares-nixos-extensions LUKS keyfile exposure regression on legacy BIOS systems | NixOS | calamares-nixos-extensions | High | 7.8 | 2024-08-15 23:53:07 | Deep Dive |