Nixos Nixpkgs
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Nixos Nixpkgs.
By the Year
In 2026 there have been 0 vulnerabilities in Nixos Nixpkgs. Last year, in 2025 Nixpkgs had 1 security vulnerability published. Right now, Nixpkgs is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 5.30 |
It may take a day or so for new Nixpkgs vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nixos Nixpkgs Security Vulnerabilities
OnlyOffice document server hardcoded secret exposes cached docs (pre 25.11)
CVE-2025-64766
5.3 - Medium
- November 17, 2025
NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protect its file cache. An attacker with knowledge of an existing revision ID could use this secret to obtain a document. In practice, an arbitrary revision ID should be hard to obtain. The primary impact is likely the access to known documents from users with expired access. This issue was resolved in NixOS unstable version 25.11 and version 25.05.
Use of Hard-coded Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Nixos Nixpkgs or by Nixos? Click the Watch button to subscribe.
