
CVE-2025-46415
https://notcve.org/view.php?id=CVE-2025-46415
27 Jun 2025 — A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. • https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2025-46416
https://notcve.org/view.php?id=CVE-2025-46416
27 Jun 2025 — The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. • https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017 • CWE-282: Improper Ownership Management •

CVE-2025-52991
https://notcve.org/view.php?id=CVE-2025-52991
27 Jun 2025 — The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. • https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017 • CWE-276: Incorrect Default Permissions •

CVE-2025-52992
https://notcve.org/view.php?id=CVE-2025-52992
27 Jun 2025 — The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. • https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-52993
https://notcve.org/view.php?id=CVE-2025-52993
27 Jun 2025 — A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. • https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2024-51481 – Nix allows macOS sandbox escape via built-in builders
https://notcve.org/view.php?id=CVE-2024-51481
31 Oct 2024 — Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import

CVE-2024-47174 – Credential leak when credentials are used with `<nix/fetchurl.nix>`
https://notcve.org/view.php?id=CVE-2024-47174
26 Sep 2024 — Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `

CVE-2024-38531 – Nix sandbox escape
https://notcve.org/view.php?id=CVE-2024-38531
28 Jun 2024 — Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to, and can change the permissions of, the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in versions 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4. • https://github.com/NixOS/nix/pull/10501 • CWE-278: Insecure Preserved Inherited Permissions •
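
A version check for the fixed releases listed in the 27 Jun 2025 entries (CVE-2025-46415, CVE-2025-52991, CVE-2025-52992, CVE-2025-52993) and in CVE-2024-38531, as an added example; this is not tooling from the Nix, Lix or Guix projects. The per-branch fixed versions are copied from the entry text on this page. CVE-2025-46416 is deliberately left out because its text says "through" those releases, i.e. they are still affected, and Guix is left out because its fix is a git snapshot (1.4.0-38.0e79d5b) rather than a dotted release. Assumed, not stated on the page: version strings are dotted integers with an optional pre-release suffix, `nix --version` prints `nix (Nix) X.Y.Z` or `nix (Lix, like Nix) X.Y.Z`, and releases newer than the newest listed fix also carry the fix. The sample lines at the bottom are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example, not the Nix/Lix/Guix projects' own tooling: classify an
# installed Nix or Lix version against the fixed releases named in the CVE
# entries on this page. Assumptions: dotted-integer versions with an optional
# pre-release suffix ("2.25.0pre20241101_abcd"), `nix --version` output of the
# form "nix (Nix) X.Y.Z" / "nix (Lix, like Nix) X.Y.Z", and releases newer
# than the newest listed fix also carrying the fix.

# fixed_versions CVE FLAVOUR: ascending list of fixed releases, one per branch,
# copied from the CVE text. CVE-2025-46416 ("through", still affected) and Guix
# (git snapshot, not a dotted release) have no entry here.
fixed_versions() {
    case "$1/$2" in
        CVE-2025-46415/nix|CVE-2025-52991/nix|CVE-2025-52992/nix|CVE-2025-52993/nix)
            echo "2.24.15 2.26.4 2.28.4 2.29.1" ;;
        CVE-2025-46415/lix|CVE-2025-52991/lix|CVE-2025-52992/lix|CVE-2025-52993/lix)
            echo "2.91.2 2.92.2 2.93.1" ;;
        CVE-2024-38531/nix)
            echo "2.18.4 2.19.5 2.20.7 2.21.3 2.22.2 2.23.1" ;;
        *) return 1 ;;
    esac
}

# version_cmp A B: prints -1, 0 or 1. Components compare as integers; anything
# from the first "-" or "p" onward is taken as a pre-release marker, which ranks
# below the plain release it precedes (strip distro package revisions first).
version_cmp() {
    a="${1%%[-p]*}"; b="${2%%[-p]*}"
    sa="${1#"$a"}"; sb="${2#"$b"}"
    a="$a."; b="$b."
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; a="${a#*.}"
        bi="${b%%.*}"; b="${b#*.}"
        [ -n "$ai" ] || ai=0
        [ -n "$bi" ] || bi=0
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
    done
    if [ -n "$sa" ] && [ -z "$sb" ]; then printf '%s\n' -1
    elif [ -z "$sa" ] && [ -n "$sb" ]; then printf '%s\n' 1
    else printf '%s\n' 0
    fi
}

# cve_status CVE FLAVOUR VERSION: prints "fixed", "affected" or "unknown".
# A version on a branch that has a listed fix is compared against that fix;
# a version on any other branch counts as fixed only if it is newer than the
# newest listed fix (unmaintained in-between branches are reported affected).
cve_status() {
    fixed="$(fixed_versions "$1" "$2")" || { echo unknown; return 1; }
    v="$3"; branch="${v%.*}"; newest=""
    for f in $fixed; do
        newest="$f"
        if [ "${f%.*}" = "$branch" ]; then
            if [ "$(version_cmp "$v" "$f")" -ge 0 ]; then echo fixed; else echo affected; fi
            return 0
        fi
    done
    if [ "$(version_cmp "$v" "$newest")" -ge 0 ]; then echo fixed; else echo affected; fi
}

# parse_nix_version LINE: turns a `nix --version` line into "FLAVOUR VERSION".
parse_nix_version() {
    case "$1" in
        *"(Lix"*) printf 'lix %s\n' "${1##* }" ;;
        *"(Nix)"*) printf 'nix %s\n' "${1##* }" ;;
        *) echo unknown; return 1 ;;
    esac
}

# report LINE: one status line per CVE that has data for this flavour.
report() {
    parsed="$(parse_nix_version "$1")" || { echo "$1: unrecognised"; return 1; }
    flavour="${parsed%% *}"; version="${parsed#* }"
    for cve in CVE-2025-46415 CVE-2025-52991 CVE-2025-52992 CVE-2025-52993 CVE-2024-38531; do
        fixed_versions "$cve" "$flavour" >/dev/null 2>&1 || continue
        printf '%s %s %s: %s\n' "$flavour" "$version" "$cve" "$(cve_status "$cve" "$flavour" "$version")"
    done
}

# Constructed sample lines (not output from any real system), then the nix on
# PATH if there is one.
for line in "nix (Nix) 2.24.14" "nix (Nix) 2.25.3" "nix (Lix, like Nix) 2.93.1"; do
    report "$line"
done
if command -v nix >/dev/null 2>&1; then
    report "$(nix --version 2>/dev/null | head -n 1)" || :
fi
```

The branch rule matters: the CVE text names one fixed release per maintained branch, so 2.25.x and 2.27.x (which have no listed fix) are reported as affected even though they are numerically above 2.24.15, and CVE-2025-46416 is reported as unknown rather than fixed because the page gives no fixed version for it.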

CVE-2024-27297 – Nix Corruption of fixed-output derivations
https://notcve.org/view.php?id=CVE-2024-27297
11 Mar 2024 — Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host (or to another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows the output of the derivation to be modified after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected conte... • https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •