Nixos Nix vulnerabilities
13 known vulnerabilities affecting nixos/nix.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 4, LOW 6
Vulnerabilities
CVE-2025-53819 | HIGH | CVSS 7.9 | CWE-271 | affected: = 2.30.0 | published 2025-07-14
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.
Source: nvd
CVE-2025-52993 | MEDIUM | CVSS 5.6 | CWE-362 | fixed in 2.24.15; affected: ≥ 2.25.0, < 2.26.4; +2 more | published 2025-06-27
A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Source: nvd
CVE-2025-52992 | LOW | CVSS 3.2 | CWE-732 | fixed in 2.24.15; affected: ≥ 2.25.0, < 2.26.4; +2 more | published 2025-06-27
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Source: nvd
CVE-2025-46415 | LOW | CVSS 3.2 | CWE-367 | fixed in 2.24.15; affected: ≥ 2.25.0, < 2.26.4; +2 more | published 2025-06-27
A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Source: nvd
CVE-2025-52991 | LOW | CVSS 3.2 | CWE-276 | fixed in 2.24.15; affected: ≥ 2.25.0, < 2.26.4; +2 more | published 2025-06-27
The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.
Source: nvd
CVE-2025-46416 | LOW | CVSS 2.9 | CWE-282 | affected: ≤ 2.24.15; ≥ 2.25.0, ≤ 2.26.4; +2 more | published 2025-06-27
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Source: nvd
CVE-2024-51481 | LOW | CVSS 1.0 | CWE-693 | fixed in 2.18.9; affected: ≥ 2.19.0, < 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, 2.24.10; +5 more | published 2024-10-31
Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import `) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sa
Source: nvd
CVE-2024-47174 | MEDIUM | CVSS 5.9 | CWE-287 | affected: ≥ 1.11, < 2.18.8; ≥ 2.24.0, < 2.24.8 | published 2024-09-26
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM) attack. `` is also known as the builtin derivation b
Sources: nvd, osv
CVE-2024-45593 | HIGH | CVSS 8.8 | CWE-22 | affected: ≥ 2.24.0, < 2.24.6 | published 2024-09-10
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix
Sources: nvd, osv
CVE-2024-38531 | LOW | CVSS 3.6 | CWE-278 | affected: ≥ 2.23.0, < 2.23.1; ≥ 2.22.0, < 2.22.2; +4 more | published 2024-06-28
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all
Sources: nvd, osv
CVE-2024-27297 | MEDIUM | CVSS 5.9 | CWE-367 | fixed in 2.3.18; affected: ≥ 2.4, < 2.18.2; +12 more | published 2024-03-11
Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This makes it possible to modify the output of the derivation after Nix has registered
Sources: nvd, osv
CVE-2021-45707 | MEDIUM | CWE-787 | affected: ≥ 0.16.0, < 0.20.2; ≥ 0.21.0, < 0.21.2; +1 more | published 2022-01-06
Out-of-bounds Write in nix
On certain platforms, if a user has more than 16 groups, the nix::unistd::getgrouplist function will call the libc getgrouplist function with a length parameter greater than the size of the buffer it provides, resulting in an out-of-bounds write and memory corruption.
The libc getgrouplist function takes an in/out parameter ngroups specifying the size of the group buffer. When the buffer is too small to hold
Sources: ghsa, osv
CVE-2019-17365 | HIGH | CVSS 7.8 | CWE-276 | affected: ≤ 2.3 | published 2019-10-09
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.
Source: nvd