Nixpkgs security tracker

Published issues

All published security issues are tracked and resolved on GitHub.

NIXPKGS-2026-1374
updated 45 minutes ago by @LeSuisse
Activity log
  • Created suggestion
  • @LeSuisse ignored reference https://d…
  • @LeSuisse ignored
    20 packages
    • xmlstarlet
    • python312Packages.starlette
    • python313Packages.starlette
    • python314Packages.starlette
    • python312Packages.sse-starlette
    • python312Packages.starlette-wtf
    • python313Packages.sse-starlette
    • python313Packages.starlette-wtf
    • python314Packages.sse-starlette
    • python314Packages.starlette-wtf
    • python312Packages.starlette-admin
    • python313Packages.starlette-admin
    • python314Packages.starlette-admin
    • python312Packages.starlette-context
    • python313Packages.starlette-context
    • python314Packages.starlette-context
    • perl538Packages.Starlet
    • python314Packages.starlette-compress
    • python313Packages.starlette-compress
    • python312Packages.starlette-compress
  • @LeSuisse restored package perl538Packages.Starlet
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 section 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

Affected products

Starlet
  • =<0.31

Matching in nixpkgs

Ignored packages (19)

pkgs.xmlstarlet

Command line tool for manipulating and querying XML data

NIXPKGS-2026-1373
CVE-2026-7706
4.3 MEDIUM
  • CVSS version: 3.1
updated 48 minutes ago by @LeSuisse
Open5GS AMF gmm-handler.c gmm_handle_service_request denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

Open5GS
  • ==2.7.4
  • ==2.7.0
  • ==2.7.2
  • ==2.7.5
  • ==2.7.1
  • ==2.7.3
  • ==2.7.6
  • ==2.7.7

Matching in nixpkgs

Ignored packages (1)

Package maintainers

NIXPKGS-2026-1372
CVE-2026-7707
4.3 MEDIUM
  • CVSS version: 3.1
updated 48 minutes ago by @LeSuisse
Open5GS UDR nudr-handler.c udr_nudr_dr_handle_subscription_context denial of service

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

Open5GS
  • ==2.7.4
  • ==2.7.0
  • ==2.7.2
  • ==2.7.5
  • ==2.7.1
  • ==2.7.3
  • ==2.7.6
  • ==2.7.7

Matching in nixpkgs

Ignored packages (1)

Package maintainers

NIXPKGS-2026-1371
CVE-2026-7708
4.3 MEDIUM
  • CVSS version: 3.1
updated 49 minutes ago by @LeSuisse
Open5GS UDR subscription.c ogs_dbi_subscription_data denial of service

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supi_id causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

Open5GS
  • ==2.7.4
  • ==2.7.0
  • ==2.7.2
  • ==2.7.5
  • ==2.7.1
  • ==2.7.3
  • ==2.7.6
  • ==2.7.7

Matching in nixpkgs

Ignored packages (1)

Package maintainers

NIXPKGS-2026-1370
CVE-2026-7702
5.3 MEDIUM
  • CVSS version: 3.1
updated 49 minutes ago by @LeSuisse
Activity log
  • Created suggestion
  • @LeSuisse ignored
    2 references
  • @LeSuisse ignored
    11 packages
    • python312Packages.affine
    • python313Packages.affine
    • python314Packages.affine
    • python312Packages.affinegap
    • python313Packages.affinegap
    • python314Packages.affinegap
    • python312Packages.affine-gaps
    • python313Packages.affine-gaps
    • python314Packages.affine-gaps
    • haskellPackages.affinely-extended
    • haskellPackages.simple-affine-space
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

AFFiNE
  • ==0.26.1
  • ==0.26.0
  • ==0.26.3
  • ==0.26.2

Matching in nixpkgs

pkgs.affine

Workspace with fully merged docs, whiteboards and databases

Ignored packages (11)

pkgs.python313Packages.affinegap

Cython implementation of the affine gap string distance

  • nixos-unstable 2
    • nixpkgs-unstable 2
    • nixos-unstable-small 2
  • nixos-25.11 1.12
    • nixos-25.11-small 1.12
    • nixpkgs-25.11-darwin 1.12

Package maintainers

NIXPKGS-2026-1369
CVE-2026-7709
6.3 MEDIUM
  • CVSS version: 3.1
updated 49 minutes ago by @LeSuisse
janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Calibre-Web
  • ==0.6.12
  • ==0.6.8
  • ==0.6.14
  • ==0.6.22
  • ==0.6.3
  • ==0.6.19
  • ==0.6.24
  • ==0.6.13
  • ==0.6.6
  • ==0.6.2
  • ==0.6.21
  • ==0.6.5
  • ==0.6.26
  • ==0.6.15
  • ==0.6.18
  • ==0.6.9
  • ==0.6.4
  • ==0.6.0
  • ==0.6.10
  • ==0.6.23
  • ==0.6.25
  • ==0.6.1
  • ==0.6.17
  • ==0.6.20
  • ==0.6.7
  • ==0.6.11
  • ==0.6.16

Matching in nixpkgs

Package maintainers

NIXPKGS-2026-1368
CVE-2026-6525
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 1 day, 1 hour ago by @LeSuisse
Activity log
  • Created suggestion
  • @LeSuisse ignored
    2 maintainers
    • @fpletz
    • @bjornfor
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
NULL Pointer Dereference in Wireshark

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4

Affected products

Wireshark
  • <4.6.5

Matching in nixpkgs

pkgs.tshark

Powerful network protocol analyzer

Package maintainers

Ignored maintainers (2)

NIXPKGS-2026-1367
CVE-2026-7536
5.3 MEDIUM
  • CVSS version: 3.1
updated 2 days ago by @LeSuisse
Open5GS BSF pcfBindings bsf_sess_add_by_ip_address denial of service

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

Open5GS
  • ==2.7.4
  • ==2.7.0
  • ==2.7.2
  • ==2.7.5
  • ==2.7.1
  • ==2.7.3
  • ==2.7.6
  • ==2.7.7

Matching in nixpkgs

Ignored packages (1)

Package maintainers

NIXPKGS-2026-1366
CVE-2026-7598
7.3 HIGH
  • CVSS version: 3.1
updated 2 days ago by @LeSuisse
libssh2 userauth.c userauth_password integer overflow

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

Affected products

libssh2
  • ==1.11.0
  • ==1.11.1

Matching in nixpkgs

Ignored packages (3)

Package maintainers

NIXPKGS-2026-1365
CVE-2026-7587
4.3 MEDIUM
  • CVSS version: 3.1
updated 2 days ago by @LeSuisse
Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

Open5GS
  • ==2.7.4
  • ==2.7.0
  • ==2.7.2
  • ==2.7.5
  • ==2.7.1
  • ==2.7.3
  • ==2.7.6
  • ==2.7.7

Matching in nixpkgs

Ignored packages (1)

Package maintainers