NIXPKGS-2026-0032 published on 18 Jan 2026 CVE-2026-23528 updated 4 days, 7 hours ago by @LeSuisse Activity log Created automatic suggestion 5 days, 18 hours ago @LeSuisse removed 16 packages github-distributed-owners haskellPackages.distributed-fork haskellPackages.aivika-distributed haskellPackages.distributed-static haskellPackages.distributed-closure haskellPackages.distributed-process haskellPackages.powerqueue-distributed haskellPackages.distributed-process-ekg haskellPackages.distributed-process-async haskellPackages.distributed-process-tests haskellPackages.distributed-process-extras haskellPackages.distributed-process-systest haskellPackages.distributed-process-execution haskellPackages.distributed-process-supervisor haskellPackages.distributed-process-client-server haskellPackages.distributed-process-monad-control 4 days, 7 hours ago @LeSuisse accepted as draft 4 days, 7 hours ago @LeSuisse published on GitHub 4 days, 7 hours ago Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0. Affected products distributed ==< 2026.1.0 Matching in nixpkgs pkgs.python312Packages.distributed Distributed computation in Python nixos-unstable 2025.11.0 nixpkgs-unstable 2025.11.0 nixos-unstable-small 2025.11.0 nixos-25.05 2025.3.0 nixos-25.05-small 2025.3.0 nixpkgs-25.05-darwin 2025.3.0 pkgs.python313Packages.distributed Distributed computation in Python nixos-unstable 2025.11.0 nixpkgs-unstable 2025.11.0 nixos-unstable-small 2025.11.0 nixos-25.05 2025.3.0 nixos-25.05-small 2025.3.0 nixpkgs-25.05-darwin 2025.3.0 Package maintainers: 2 @teh Tom Hunger <tehunger@gmail.com> @cameroncuttingedge Cameron Byte <buckets-taxiway5l@icloud.com>
CVE-2026-23528 updated 4 days, 7 hours ago by @LeSuisse Activity log Created automatic suggestion 5 days, 18 hours ago @LeSuisse removed 16 packages github-distributed-owners haskellPackages.distributed-fork haskellPackages.aivika-distributed haskellPackages.distributed-static haskellPackages.distributed-closure haskellPackages.distributed-process haskellPackages.powerqueue-distributed haskellPackages.distributed-process-ekg haskellPackages.distributed-process-async haskellPackages.distributed-process-tests haskellPackages.distributed-process-extras haskellPackages.distributed-process-systest haskellPackages.distributed-process-execution haskellPackages.distributed-process-supervisor haskellPackages.distributed-process-client-server haskellPackages.distributed-process-monad-control 4 days, 7 hours ago @LeSuisse accepted as draft 4 days, 7 hours ago @LeSuisse published on GitHub 4 days, 7 hours ago Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0. Affected products distributed ==< 2026.1.0 Matching in nixpkgs pkgs.python312Packages.distributed Distributed computation in Python nixos-unstable 2025.11.0 nixpkgs-unstable 2025.11.0 nixos-unstable-small 2025.11.0 nixos-25.05 2025.3.0 nixos-25.05-small 2025.3.0 nixpkgs-25.05-darwin 2025.3.0 pkgs.python313Packages.distributed Distributed computation in Python nixos-unstable 2025.11.0 nixpkgs-unstable 2025.11.0 nixos-unstable-small 2025.11.0 nixos-25.05 2025.3.0 nixos-25.05-small 2025.3.0 nixpkgs-25.05-darwin 2025.3.0 Package maintainers: 2 @teh Tom Hunger <tehunger@gmail.com> @cameroncuttingedge Cameron Byte <buckets-taxiway5l@icloud.com>
pkgs.python312Packages.distributed Distributed computation in Python nixos-unstable 2025.11.0 nixpkgs-unstable 2025.11.0 nixos-unstable-small 2025.11.0 nixos-25.05 2025.3.0 nixos-25.05-small 2025.3.0 nixpkgs-25.05-darwin 2025.3.0
pkgs.python313Packages.distributed Distributed computation in Python nixos-unstable 2025.11.0 nixpkgs-unstable 2025.11.0 nixos-unstable-small 2025.11.0 nixos-25.05 2025.3.0 nixos-25.05-small 2025.3.0 nixpkgs-25.05-darwin 2025.3.0