NIXPKGS-2026-0063 published on 21 Jan 2026 CVE-2026-1145 updated 1 day, 12 hours ago by @LeSuisse Activity log Created automatic suggestion 2 days, 16 hours ago @LeSuisse removed 4 packages python312Packages.quickjs python313Packages.quickjs python312Packages.llm-tools-quickjs python313Packages.llm-tools-quickjs 2 days, 10 hours ago @LeSuisse accepted as draft 2 days, 10 hours ago @LeSuisse published on GitHub 1 day, 12 hours ago quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue. Affected products quickjs ==0.10 ==0.1 ==0.7 ==0.8 ==0.2 ==0.4 ==0.6 ==0.9 ==0.3 ==0.5 ==0.11.0 Matching in nixpkgs pkgs.quickjs Small and embeddable Javascript engine nixos-unstable 2025-09-13-2 nixpkgs-unstable 2025-09-13-2 nixos-unstable-small 2025-09-13-2 nixos-25.05 2024-01-13 nixos-25.05-small 2024-01-13 nixpkgs-25.05-darwin 2024-01-13 pkgs.quickjs-ng Mighty JavaScript engine nixos-unstable 0.11.0 nixpkgs-unstable 0.11.0 nixos-unstable-small 0.11.0 nixos-25.05 0.10.0 nixos-25.05-small 0.10.0 nixpkgs-25.05-darwin 0.10.0 Package maintainers: 2 @stesie Stefan Siegl <stesie@brokenpipe.de> @philiptaron Philip Taron <philip.taron@gmail.com> GitHub issue
CVE-2026-1145 updated 1 day, 12 hours ago by @LeSuisse Activity log Created automatic suggestion 2 days, 16 hours ago @LeSuisse removed 4 packages python312Packages.quickjs python313Packages.quickjs python312Packages.llm-tools-quickjs python313Packages.llm-tools-quickjs 2 days, 10 hours ago @LeSuisse accepted as draft 2 days, 10 hours ago @LeSuisse published on GitHub 1 day, 12 hours ago quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue. Affected products quickjs ==0.10 ==0.1 ==0.7 ==0.8 ==0.2 ==0.4 ==0.6 ==0.9 ==0.3 ==0.5 ==0.11.0 Matching in nixpkgs pkgs.quickjs Small and embeddable Javascript engine nixos-unstable 2025-09-13-2 nixpkgs-unstable 2025-09-13-2 nixos-unstable-small 2025-09-13-2 nixos-25.05 2024-01-13 nixos-25.05-small 2024-01-13 nixpkgs-25.05-darwin 2024-01-13 pkgs.quickjs-ng Mighty JavaScript engine nixos-unstable 0.11.0 nixpkgs-unstable 0.11.0 nixos-unstable-small 0.11.0 nixos-25.05 0.10.0 nixos-25.05-small 0.10.0 nixpkgs-25.05-darwin 0.10.0 Package maintainers: 2 @stesie Stefan Siegl <stesie@brokenpipe.de> @philiptaron Philip Taron <philip.taron@gmail.com>
pkgs.quickjs Small and embeddable Javascript engine nixos-unstable 2025-09-13-2 nixpkgs-unstable 2025-09-13-2 nixos-unstable-small 2025-09-13-2 nixos-25.05 2024-01-13 nixos-25.05-small 2024-01-13 nixpkgs-25.05-darwin 2024-01-13
pkgs.quickjs-ng Mighty JavaScript engine nixos-unstable 0.11.0 nixpkgs-unstable 0.11.0 nixos-unstable-small 0.11.0 nixos-25.05 0.10.0 nixos-25.05-small 0.10.0 nixpkgs-25.05-darwin 0.10.0