NIXPKGS-2026-1196

GitHub issue published 2 months ago

Permalink CVE-2026-40606

4.8 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): High (H)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): Low (L)
• Integrity (I): Low (L)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): High (H)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): Low (L)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): Low (L)
• Modified Availability (MA): None (N)

updated 2 months ago by @LeSuisse Activity log

• Created suggestion 2 months ago
• @LeSuisse ignored
  13 packages

  • mitmproxy2swagger
  • python312Packages.mitmproxy
  • python313Packages.mitmproxy
  • python314Packages.mitmproxy
  • python312Packages.mitmproxy-rs
  • python313Packages.mitmproxy-rs
  • python314Packages.mitmproxy-rs
  • python312Packages.mitmproxy-linux
  • python312Packages.mitmproxy-macos
  • python313Packages.mitmproxy-linux
  • python313Packages.mitmproxy-macos
  • python314Packages.mitmproxy-linux
  • python314Packages.mitmproxy-macos
  2 months ago
• @LeSuisse ignored maintainer @SuperSandro2000 2 months ago maintainer.ignore
• @LeSuisse accepted 2 months ago
• @LeSuisse published on GitHub 2 months ago

ProxyAuth Addon LDAP Injection in mitmproxy

• https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-527g-3w9m-29hv x_refsource_CONFIRM

---

mitmproxy

• ==< 12.2.2

NIXPKGS-2026-1195

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-32228

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to

• https://github.com/apache/airflow/pull/63338 patch
• https://lists.apache.org/thread/s7c75txgt4qf2rofcn43szfwgcrzy0nj vendor-advisory
• http://www.openwall.com/lists/oss-security/2026/04/17/8

---

apache-airflow

• <3.2.0

NIXPKGS-2026-1194

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-32690

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

• https://github.com/apache/airflow/pull/63480 patch
• https://lists.apache.org/thread/7rnzxofntcznqxnhsmjvvlvygwph7rn5 vendor-advisory
• http://www.openwall.com/lists/oss-security/2026/04/17/6

---

apache-airflow

• <3.2.0

NIXPKGS-2026-1193

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-25917

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

• Apache Airflow PR #61641 (fix) patch
• https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po vendor-advisory
• http://www.openwall.com/lists/oss-security/2026/04/17/9

---

apache-airflow

• <3.2.0

NIXPKGS-2026-1192

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-30898

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf

• https://github.com/apache/airflow/pull/64129 patch
• https://lists.apache.org/thread/26zmhfj1t95c1hld2r14ho81nzh1bdc8 vendor-advisory
• http://www.openwall.com/lists/oss-security/2026/04/17/7

---

apache-airflow

• <3.2.0

NIXPKGS-2026-1191

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-40491

6.5 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): Required (R)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): High (H)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): None (N)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored
  6 packages

  • hongdown
  • lgogdownloader
  • lgogdownloader-gui
  • python312Packages.gdown
  • python313Packages.gdown
  • python314Packages.gdown
  2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

• https://github.com/wkentaro/gdown/security/advisories/GHSA-76hw-p97h-883f x_refsource_CONFIRM
• https://github.com/wkentaro/gdown/commit/af569fc6ed300b7974dee66dc51e9f01b57b4dff x_refsource_MISC

Ignored references (1)

• https://github.com/wkentaro/gdown/releases/tag/v5.2.2 x_refsource_MISC

---

gdown

• ==< 5.2.2

NIXPKGS-2026-1190

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-30912

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Apache Airflow: Exposing stack trace in case of constraint error

• https://github.com/apache/airflow/pull/63028 patch
• https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9 vendor-advisory
• http://www.openwall.com/lists/oss-security/2026/04/17/5

---

apache-airflow

• <3.2.0

NIXPKGS-2026-1189

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-33337

7.5 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Network (N)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): None (N)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Network (N)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): High (H)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored package firebird-emu 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Firebird has a buffer overflow when parsing corrupted slice packets

• https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p x_refsource_CONFIRM
• https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 x_refsource_MISC
• https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 x_refsource_MISC

---

firebird

• ==>= 4.0.0, < 4.0.7
• ==>= 3.0.0, < 3.0.14
• ==>= 5.0.0, < 5.0.4

NIXPKGS-2026-1188

GitHub issue published 2 months, 1 week ago

Permalink CVE-2025-65104

7.9 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): None (N)
• Scope (S): Changed (C)
• Confidentiality (C): Low (L)
• Integrity (I): High (H)
• Availability (A): Low (L)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): Low (L)
• Modified Scope (MS): Changed (C)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): Low (L)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse ignored
  3 packages

  • firebird-emu
  • firebird
  • firebird_4
  2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

Firebird: Information leak vulnerability in firebird3 client when used with newer server

• https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg x_refsource_CONFIRM

Ignored references (1)

• https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0 x_refsource_MISC

---

firebird

• ==< 4.0.0

NIXPKGS-2026-1187

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-40338

5.2 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Physical (P)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): None (N)
• Availability (A): Low (L)
• Modified Attack Vector (MAV): Physical (P)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): Low (L)

updated 2 months, 1 week ago by @LeSuisse Activity log

• Created suggestion 2 months, 1 week ago
• @LeSuisse accepted 2 months, 1 week ago
• @LeSuisse published on GitHub 2 months, 1 week ago

libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enumeration count parsing in ptp-pack.c

• https://github.com/gphoto/libgphoto2/security/advisories/GHSA-2hwp-w84q-27hf x_refsource_CONFIRM
• https://github.com/gphoto/libgphoto2/commit/3b9f9696be76ae51dca983d9dd8ce586a2561845 x_refsource_MISC

---

libgphoto2

• ==<= 2.5.33