NixOS Nix Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of NixOS Nix's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical2

High2

Medium5

Low6

1 additional CVE has no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of NixOS Nix's CVEs are currently listed in CISA's KEV catalog.

Public exploits

One of NixOS Nix's CVEs has a known public exploit available.

Affected versions and CVEs

Browse every NixOS Nix version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

1.115 CVEs
1.11.15 CVEs
2.05 CVEs
2.25 CVEs
1.04 CVEs
1.14 CVEs
1.104 CVEs
1.24 CVEs
1.34 CVEs
1.44 CVEs
1.54 CVEs
1.5.14 CVEs
1.5.24 CVEs
1.5.34 CVEs
1.64 CVEs
1.6.14 CVEs
1.74 CVEs
1.84 CVEs
1.94 CVEs
2.24.04 CVEs
2.24.14 CVEs
2.24.24 CVEs
2.24.34 CVEs
2.24.44 CVEs
2.24.54 CVEs
2.18.03 CVEs
2.18.13 CVEs
2.18.23 CVEs
2.18.33 CVEs
2.20.03 CVEs
2.20.13 CVEs
2.20.23 CVEs
2.20.33 CVEs
2.20.43 CVEs
2.22.03 CVEs
2.22.13 CVEs
2.18.42 CVEs
2.18.52 CVEs
2.18.62 CVEs
2.18.72 CVEs
2.19.02 CVEs
2.19.12 CVEs
2.19.22 CVEs
2.19.32 CVEs
2.20.52 CVEs
2.20.62 CVEs
2.21.02 CVEs
2.21.12 CVEs
2.21.22 CVEs
2.23.02 CVEs
2.24.62 CVEs
2.24.72 CVEs
< 2.18.91 CVE
>= 1.11, < 2.18.81 CVE
>= 2.18.0, < 2.18.41 CVE
>= 2.18.2, <= 2.18.91 CVE
>= 2.19.0, < 2.19.41 CVE
>= 2.19.0, < 2.19.51 CVE
>= 2.19.4, <= 2.19.71 CVE
>= 2.20.0, < 2.20.51 CVE
>= 2.20.0, < 2.20.71 CVE
>= 2.20.0, < 2.20.91 CVE
>= 2.20.5, <= 2.20.91 CVE
>= 2.21, < 2.28.61 CVE
>= 2.21.0, < 2.21.31 CVE
>= 2.21.0, < 2.21.51 CVE
>= 2.22.0, < 2.22.21 CVE
>= 2.22.0, < 2.22.41 CVE
>= 2.23.0, < 2.23.11 CVE
>= 2.23.0, < 2.23.41 CVE
>= 2.24.0, < 2.24.101 CVE
>= 2.24.0, < 2.24.81 CVE
>= 2.29.0, < 2.29.31 CVE
>= 2.3.0, < 2.3.181 CVE
>= 2.30.0, < 2.30.41 CVE
>= 2.31.0, < 2.31.41 CVE
>= 2.32.0, < 2.32.71 CVE
>= 2.33.0, < 2.33.41 CVE
>= 2.34.0, < 2.34.51 CVE
>= 2.4.0, < 2.18.21 CVE
2.18.81 CVE
2.19.41 CVE
2.20.71 CVE
2.20.81 CVE
2.21.31 CVE
2.21.41 CVE
2.22.21 CVE
2.22.31 CVE
2.23.11 CVE
2.23.21 CVE
2.23.31 CVE
2.24.81 CVE
2.24.91 CVE
2.31 CVE

Fixed in

2.24.154 CVEs
2.26.44 CVEs
2.28.44 CVEs
2.29.14 CVEs
2.28.72 CVEs
2.29.42 CVEs
2.30.52 CVEs
2.31.52 CVEs
2.32.82 CVEs
2.33.62 CVEs
2.34.72 CVEs
> 2.24.151 CVE
> 2.26.41 CVE
> 2.28.41 CVE

Find a version

16 CVEs

Sort

Medium vulnerability · 2026-05-05
CVE-2026-44029
Patch
CWE-36
Medium · CVSS 5.3
EPSS 0.3% (55th pct)2026-05-05
High vulnerability · 2026-05-05
CVE-2026-44028
Patch
CWE-674
High · CVSS 7.5
EPSS 0.0% (0th pct)2026-05-05
Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination
CVE-2026-39860
Patch
CWE-61
Critical · CVSS 9.0
EPSS 0.0% (2th pct)2026-04-08
Nix's privilege dropping to build user broke for macOS
CVE-2025-53819
Patch
CWE-271
High · CVSS 7.9
EPSS 0.1% (23th pct)2025-07-14
Medium vulnerability · 2025-06-27
CVE-2025-52993
Patch
CWE-362
Medium · CVSS 5.6
EPSS 0.1% (22th pct)2025-06-27
Low vulnerability · 2025-06-27
CVE-2025-52992
Patch
CWE-732
Low · CVSS 3.2
EPSS 0.1% (22th pct)2025-06-27
Low vulnerability · 2025-06-27
CVE-2025-52991
Patch
CWE-276
Low · CVSS 3.2
EPSS 0.1% (24th pct)2025-06-27
Low vulnerability · 2025-06-27
CVE-2025-46416
Patch
CWE-282
Low · CVSS 2.9
EPSS 0.1% (24th pct)2025-06-27
Low vulnerability · 2025-06-27
CVE-2025-46415
Public exploit
Patch
CWE-367
Low · CVSS 3.2
EPSS 0.1% (22th pct)2025-06-27
Nix allows macOS sandbox escape via built-in builders
CVE-2024-51481
Patch
CWE-693
Low · CVSS 1.0
EPSS 0.1% (23th pct)2024-10-31
Credential leak when credentials are used with ` `
CVE-2024-47174
Patch
CWE-287
Medium · CVSS 5.9
EPSS 0.1% (27th pct)2024-09-26
Critical vulnerability · 2024-09-10
CVE-2024-45593
Patch
CWE-22
Critical · CVSS 9.1
EPSS 0.4% (64th pct)2024-09-10
Low vulnerability · 2024-06-28
CVE-2024-38531
Patch
CWE-278
Low · CVSS 3.6
EPSS 0.0% (7th pct)2024-06-28
Medium vulnerability · 2024-05-18
CVE-2024-36050
Medium · CVSS 4.3
EPSS 0.1% (33th pct)2024-05-18
Nix Corruption of fixed-output derivations
CVE-2024-27297
Patch
CWE-367
Medium · CVSS 6.3
EPSS 0.1% (20th pct)2024-03-11
Vulnerability · 2019-10-09
CVE-2019-17365
Unscored
EPSS 0.0% (16th pct)2019-10-09

Severity and exploitation

NixOS Nix Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other NixOS products

Frequently asked questions

How many CVEs does NixOS Nix have?

How many NixOS Nix CVEs are in CISA KEV?

Are there public exploits for NixOS Nix vulnerabilities?

Which versions of NixOS Nix are affected?

What are the most common weakness types in NixOS Nix CVEs?

How many critical NixOS Nix vulnerabilities are there?

What is the average severity of NixOS Nix CVEs?

References

Track NixOS Nix vulnerabilities