NIXPKGS-2026-0064 published on 21 Jan 2026 CVE-2026-1144 updated 1 day, 12 hours ago by @LeSuisse Activity log Created automatic suggestion 2 days, 16 hours ago @LeSuisse removed 4 packages python312Packages.quickjs python313Packages.quickjs python312Packages.llm-tools-quickjs python313Packages.llm-tools-quickjs 2 days, 10 hours ago @LeSuisse accepted as draft 2 days, 10 hours ago @LeSuisse published on GitHub 1 day, 12 hours ago quickjs-ng quickjs Atomics Ops quickjs.c use after free A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue. Affected products quickjs ==0.10 ==0.1 ==0.7 ==0.8 ==0.2 ==0.4 ==0.11.0 ==0.9 ==0.3 ==0.5 ==0.6 Matching in nixpkgs pkgs.quickjs Small and embeddable Javascript engine nixos-unstable 2025-09-13-2 nixpkgs-unstable 2025-09-13-2 nixos-unstable-small 2025-09-13-2 nixos-25.05 2024-01-13 nixos-25.05-small 2024-01-13 nixpkgs-25.05-darwin 2024-01-13 pkgs.quickjs-ng Mighty JavaScript engine nixos-unstable 0.11.0 nixpkgs-unstable 0.11.0 nixos-unstable-small 0.11.0 nixos-25.05 0.10.0 nixos-25.05-small 0.10.0 nixpkgs-25.05-darwin 0.10.0 Package maintainers: 2 @stesie Stefan Siegl <stesie@brokenpipe.de> @philiptaron Philip Taron <philip.taron@gmail.com> GitHub issue
CVE-2026-1144 updated 1 day, 12 hours ago by @LeSuisse Activity log Created automatic suggestion 2 days, 16 hours ago @LeSuisse removed 4 packages python312Packages.quickjs python313Packages.quickjs python312Packages.llm-tools-quickjs python313Packages.llm-tools-quickjs 2 days, 10 hours ago @LeSuisse accepted as draft 2 days, 10 hours ago @LeSuisse published on GitHub 1 day, 12 hours ago quickjs-ng quickjs Atomics Ops quickjs.c use after free A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue. Affected products quickjs ==0.10 ==0.1 ==0.7 ==0.8 ==0.2 ==0.4 ==0.11.0 ==0.9 ==0.3 ==0.5 ==0.6 Matching in nixpkgs pkgs.quickjs Small and embeddable Javascript engine nixos-unstable 2025-09-13-2 nixpkgs-unstable 2025-09-13-2 nixos-unstable-small 2025-09-13-2 nixos-25.05 2024-01-13 nixos-25.05-small 2024-01-13 nixpkgs-25.05-darwin 2024-01-13 pkgs.quickjs-ng Mighty JavaScript engine nixos-unstable 0.11.0 nixpkgs-unstable 0.11.0 nixos-unstable-small 0.11.0 nixos-25.05 0.10.0 nixos-25.05-small 0.10.0 nixpkgs-25.05-darwin 0.10.0 Package maintainers: 2 @stesie Stefan Siegl <stesie@brokenpipe.de> @philiptaron Philip Taron <philip.taron@gmail.com>
pkgs.quickjs Small and embeddable Javascript engine nixos-unstable 2025-09-13-2 nixpkgs-unstable 2025-09-13-2 nixos-unstable-small 2025-09-13-2 nixos-25.05 2024-01-13 nixos-25.05-small 2024-01-13 nixpkgs-25.05-darwin 2024-01-13
pkgs.quickjs-ng Mighty JavaScript engine nixos-unstable 0.11.0 nixpkgs-unstable 0.11.0 nixos-unstable-small 0.11.0 nixos-25.05 0.10.0 nixos-25.05-small 0.10.0 nixpkgs-25.05-darwin 0.10.0