nixos CVE Vulnerabilities & Metrics

Focus on nixos vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About nixos Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with nixos. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total nixos CVEs: 4
Earliest CVE date: 04 Apr 2017, 00:59 UTC
Latest CVE date: 10 Sep 2024, 16:15 UTC

Latest CVE reference: CVE-2024-45593

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 2.95

Max CVSS: 7.2

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 2
4.0-6.9 1
7.0-8.9 1
9.0-10.0 0

Top 5 Highest CVSS nixos CVEs

These are the five CVEs with the highest CVSS scores for nixos, sorted by severity first, then by recency.

All CVEs for nixos

CVE-2024-45593 nixos vulnerability CVSS: 0 10 Sep 2024, 16:15 UTC

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.

CVE-2023-36476 nixos vulnerability CVSS: 0 29 Jun 2023, 01:15 UTC

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.

CVE-2019-17365 nixos vulnerability CVSS: 4.6 09 Oct 2019, 22:15 UTC

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.

CVE-2017-7412 nixos vulnerability CVSS: 7.2 04 Apr 2017, 00:59 UTC

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.