Nix

This hub aggregates every CVE we track for Nix, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Nix.

• CVE-2026-44029An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are ...5.3May 5, 2026
• CVE-2026-44028An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine ...7.5May 5, 2026
• CVE-2026-39860Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination9.0Apr 8, 2026
• CVE-2025-53819Nix's privilege dropping to build user broke for macOS7.9Jul 14, 2025
• CVE-2025-52991The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into ...3.2Jun 27, 2025
• CVE-2025-52993A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix be...5.6Jun 27, 2025
• CVE-2025-52992The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sand...3.2Jun 27, 2025
• CVE-2025-46416The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix throug...2.9Jun 27, 2025
• CVE-2025-46415A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.9...3.2Jun 27, 2025
• CVE-2024-47174Credential leak when credentials are used with `<nix/fetchurl.nix>`5.9Sep 26, 2024
• CVE-2024-45593Nix affected by unsafe NAR unpacking9.0Sep 10, 2024
• CVE-2024-38531Nix sandbox escape3.6Jun 28, 2024
• CVE-2024-27297Nix Corruption of fixed-output derivations6.3Mar 11, 2024
• CVE-2021-45707An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in mor...9.8Dec 26, 2021
• CVE-2019-17365Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.7.8Oct 9, 2019