Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2026-23883

created an hour ago

Heap-use-after-free in update_pointer_new

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

Affected products

FreeRDP

==< 3.21.0

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2
nixos-25.05 3.15.0
- nixos-25.05-small 3.15.0
- nixpkgs-25.05-darwin 3.15.0

Package maintainers: 1

@peterhoeg Peter Hoeg <peter@hoeg.com>

CVE-2026-23838

created an hour ago

Tandoor Recipes module allows SQLite database to be externally accessible with the default settings

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the full database file may be externally accessible, potentially on the Internet. The root cause is that the NixOS module configures the working directory of Tandoor Recipes, as well as the value of `MEDIA_ROOT`, to be `/var/lib/tandoor-recipes`. This causes Tandoor Recipes to create its `db.sqlite3` database file in the same directory as `MEDIA_ROOT` causing it to be accessible without authentication through HTTP like any other media file. This is the case when using `GUNICORN_MEDIA=1` or when using a web server like nginx to serve media files. NixOS 26.05 changes the default value of `MEDIA_ROOT` to a sub folder of the data directory. This only applies to configurations with `system.stateVersion` >= 26.05. For older configurations, one of the workarounds should be applied instead. NixOS 25.11 has received a backport of this patch, though it doesn't fix this vulnerability without user intervention. A recommended workaround is to move `MEDIA_ROOT` into a subdirectory. Non-recommended workarounds include switching to PostgreSQL or disallowing access to `db.sqlite3`.

Affected products

nixpkgs

==>= 23.05, < 26.05

Matching in nixpkgs

pkgs.manual

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.05 -
- nixos-25.05-small
- nixpkgs-25.05-darwin

pkgs.metrics

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.05 -
- nixos-25.05-small
- nixpkgs-25.05-darwin

pkgs.tarball

Source distribution

nixos-unstable 25.11pre1234.abcdef
- nixpkgs-unstable 25.11pre1234.abcdef
- nixos-unstable-small 26.05pre1234.abcdef
nixos-25.05 25.05pre1234.abcdef
- nixos-25.05-small 25.05pre1234.abcdef
- nixpkgs-25.05-darwin 25.05pre1234.abcdef

pkgs.unstable

Release-critical builds for the Nixpkgs unstable channel

nixos-unstable 25.11pre1234.abcdef
- nixpkgs-unstable 25.11pre1234.abcdef
- nixos-unstable-small 26.05pre1234.abcdef
nixos-25.05 25.05pre1234.abcdef
- nixos-25.05-small 25.05pre1234.abcdef
- nixpkgs-25.05-darwin 25.05pre1234.abcdef

pkgs.lib-tests

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.05 -
- nixos-25.05-small
- nixpkgs-25.05-darwin

pkgs.nixpkgs-fmt

Nix code formatter for nixpkgs

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.05 1.3.0
- nixos-25.05-small 1.3.0
- nixpkgs-25.05-darwin 1.3.0

pkgs.nixpkgs-vet

Tool to vet (check) Nixpkgs, including its pkgs/by-name directory

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.05 0.1.4
- nixos-25.05-small 0.1.4
- nixpkgs-25.05-darwin 0.1.4

pkgs.nixpkgs-lint

A utility for Nixpkgs contributors to check Nixpkgs for common errors

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1
nixos-25.05 1
- nixos-25.05-small 1
- nixpkgs-25.05-darwin 1

pkgs.darwin-tested

Release-critical builds for the Nixpkgs darwin channel

nixos-unstable 25.11pre1234.abcdef
- nixpkgs-unstable 25.11pre1234.abcdef
- nixos-unstable-small 26.05pre1234.abcdef
nixos-25.05 25.05pre1234.abcdef
- nixos-25.05-small 25.05pre1234.abcdef
- nixpkgs-25.05-darwin 25.05pre1234.abcdef

pkgs.dhall-nixpkgs

Convert Dhall projects to Nix packages

nixos-unstable 1.0.10
- nixpkgs-unstable 1.0.10
- nixos-unstable-small 1.0.10
nixos-25.05 1.0.10
- nixos-25.05-small 1.0.10
- nixpkgs-25.05-darwin 1.0.10

pkgs.nixpkgs-track

Track where Nixpkgs pull requests have reached

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.05 0.2.0
- nixos-25.05-small 0.2.0
- nixpkgs-25.05-darwin 0.2.0

pkgs.nixpkgs-manual

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.05 -
- nixos-25.05-small
- nixpkgs-25.05-darwin

pkgs.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.5.1
- nixos-unstable-small 3.5.1
nixos-25.05 3.4.0
- nixos-25.05-small 3.4.0
- nixpkgs-25.05-darwin 3.4.0

pkgs.release-checks

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.05 -
- nixos-25.05-small
- nixpkgs-25.05-darwin

pkgs.nixpkgs-pytools

Tools for removing the tedious nature of creating nixpkgs derivations

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.05 1.3.0
- nixos-25.05-small 1.3.0
- nixpkgs-25.05-darwin 1.3.0

pkgs.nixpkgs-hammering

Set of nit-picky rules that aim to point out and explain common mistakes in nixpkgs package pull requests

nixos-unstable 0-unstable-2025-09-10
- nixpkgs-unstable 0-unstable-2025-09-10
- nixos-unstable-small 0-unstable-2025-09-10
nixos-25.05 0-unstable-2025-02-09
- nixos-25.05-small 0-unstable-2025-02-09
- nixpkgs-25.05-darwin 0-unstable-2025-02-09

pkgs.nixpkgs-reviewFull

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.5.1
- nixos-unstable-small 3.5.1

pkgs.nixpkgs-lint-community

Fast semantic linter for Nix using tree-sitter

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.05 0.3.0
- nixos-25.05-small 0.3.0
- nixpkgs-25.05-darwin 0.3.0

pkgs.nixpkgs-openjdk-updater

Updater for Nixpkgs OpenJDK packages

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.05 0.1.0
- nixos-25.05-small 0.1.0
- nixpkgs-25.05-darwin 0.1.0

pkgs.python312Packages.nixpkgs

Allows to `from nixpkgs import` stuff in interactive Python sessions

nixos-25.05 0.2.4
- nixos-25.05-small 0.2.4
- nixpkgs-25.05-darwin 0.2.4

pkgs.python313Packages.nixpkgs

Allows to `from nixpkgs import` stuff in interactive Python sessions

nixos-25.05 0.2.4
- nixos-25.05-small 0.2.4
- nixpkgs-25.05-darwin 0.2.4

pkgs.haskellPackages.dhall-nixpkgs

Convert Dhall projects to Nix packages

nixos-unstable 1.0.10
- nixpkgs-unstable 1.0.10
- nixos-unstable-small 1.0.10
nixos-25.05 1.0.10
- nixos-25.05-small 1.0.10
- nixpkgs-25.05-darwin 1.0.10

pkgs.lixPackageSets.git.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.5.1
- nixos-unstable-small 3.5.1
nixos-25.05 3.4.0
- nixos-25.05-small 3.4.0
- nixpkgs-25.05-darwin 3.4.0

pkgs.python312Packages.nixpkgs-pytools

Tools for removing the tedious nature of creating nixpkgs derivations

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.05 1.3.0
- nixos-25.05-small 1.3.0
- nixpkgs-25.05-darwin 1.3.0

pkgs.python313Packages.nixpkgs-pytools

Tools for removing the tedious nature of creating nixpkgs derivations

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.05 1.3.0
- nixos-25.05-small 1.3.0
- nixpkgs-25.05-darwin 1.3.0

pkgs.tests.trivial-builders.references

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.05 -
- nixos-25.05-small
- nixpkgs-25.05-darwin

pkgs.haskellPackages.distribution-nixpkgs

Types and functions to manipulate the Nixpkgs distribution

nixos-unstable 1.7.1.1
- nixpkgs-unstable 1.7.1.1
- nixos-unstable-small 1.7.1.1
nixos-25.05 1.7.1.1
- nixos-25.05-small 1.7.1.1
- nixpkgs-25.05-darwin 1.7.1.1

pkgs.lixPackageSets.stable.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.5.1
- nixos-unstable-small 3.5.1
nixos-25.05 3.4.0
- nixos-25.05-small 3.4.0
- nixpkgs-25.05-darwin 3.4.0

pkgs.lixPackageSets.lix_2_90.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-25.05 3.4.0
- nixos-25.05-small 3.4.0
- nixpkgs-25.05-darwin 3.4.0

pkgs.lixPackageSets.lix_2_92.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-25.05 3.4.0
- nixos-25.05-small 3.4.0
- nixpkgs-25.05-darwin 3.4.0

pkgs.lixPackageSets.lix_2_93.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-25.05 3.4.0
- nixos-25.05-small 3.4.0
- nixpkgs-25.05-darwin 3.4.0

pkgs.lixPackageSets.lix_2_94.nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs

nixos-unstable 3.5.1
- nixpkgs-unstable 3.5.1
- nixos-unstable-small 3.5.1

pkgs.python312Packages.nixpkgs-plugin-update

Library for updating plugin collections in Nixpkgs

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0

pkgs.python313Packages.nixpkgs-plugin-update

Library for updating plugin collections in Nixpkgs

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0

pkgs.python312Packages.nixpkgs-updaters-library

Boilerplate-less updater library for Nixpkgs ecosystems

nixos-25.05 1.2.0
- nixos-25.05-small 1.2.0
- nixpkgs-25.05-darwin 1.2.0

pkgs.python313Packages.nixpkgs-updaters-library

Boilerplate-less updater library for Nixpkgs ecosystems

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0
nixos-25.05 1.2.0
- nixos-25.05-small 1.2.0
- nixpkgs-25.05-darwin 1.2.0

pkgs.vscode-extensions.b4dm4n.vscode-nixpkgs-fmt

None

nixos-unstable B4dM4n-nixpkgs-fmt-0.0.1
- nixpkgs-unstable B4dM4n-nixpkgs-fmt-0.0.1
- nixos-unstable-small B4dM4n-nixpkgs-fmt-0.0.1
nixos-25.05 B4dM4n-nixpkgs-fmt-0.0.1
- nixos-25.05-small B4dM4n-nixpkgs-fmt-0.0.1
- nixpkgs-25.05-darwin B4dM4n-nixpkgs-fmt-0.0.1

pkgs.haskellPackages.distribution-nixpkgs-unstable

Types and functions to manipulate the Nixpkgs distribution

nixos-unstable 1.7.1.1-unstable-2025-11-11
- nixpkgs-unstable 1.7.1.1-unstable-2025-11-11
- nixos-unstable-small 1.7.1.1-unstable-2025-11-11

Package maintainers: 19

@Gabriella439 Gabriella Gonzalez <GenuineGabriella@gmail.com>
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
@figsoda figsoda <figsoda@pm.me>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@zimbatm zimbatm <zimbatm@zimbatm.com>
@edolstra Eelco Dolstra <edolstra+nixpkgs@gmail.com>
@Artturin Artturi N <artturin@artturin.com>
@emilazy Emily <nixpkgs@emily.moe>
@isabelroses Isabel Roses <isabel@isabelroses.com>
@uncenter uncenter <uncenter@uncenter.dev>
@philiptaron Philip Taron <philip.taron@gmail.com>
@willbush Will Bush <git@willbush.dev>
@t184256 Alexander Sosedkin <monk@unboiled.info>
@PerchunPak Perchun Pak <nixpkgs@perchun.it>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@ShamrockLee Yueh-Shun Li <shamrocklee@posteo.net>
@mdaniels5757 Michael Daniels <nix@mdaniels.me>
@khaneliman Austin Horstman <khaneliman12@gmail.com>
@teto Matthieu Coudron <mcoudron@hotmail.com>

CVE-2026-1175

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created an hour ago

birkir prime GraphQL Directive graphql information exposure

A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

prime

==0.4.0.beta

Matching in nixpkgs

pkgs.mprime

Mersenne prime search / System stability tester

nixos-unstable 30.19b21
- nixpkgs-unstable 30.19b21
- nixos-unstable-small 30.19b21
nixos-25.05 30.8b15
- nixos-25.05-small 30.8b15
- nixpkgs-25.05-darwin 30.8b15

pkgs.primecount

Fast prime counting function implementations

nixos-unstable 7.20
- nixpkgs-unstable 7.20
- nixos-unstable-small 7.20
nixos-25.05 7.16
- nixos-25.05-small 7.16
- nixpkgs-25.05-darwin 7.16

pkgs.primesieve

Fast C/C++ prime number generator

nixos-unstable 12.10
- nixpkgs-unstable 12.10
- nixos-unstable-small 12.10
nixos-25.05 12.8
- nixos-25.05-small 12.8
- nixpkgs-25.05-darwin 12.8

pkgs.prime-server

Non-blocking (web)server API for distributed computing and SOA based on zeromq

nixos-unstable 0.7.0
- nixpkgs-unstable 0.7.0
- nixos-unstable-small 0.7.0
nixos-25.05 0.7.0
- nixos-25.05-small 0.7.0
- nixpkgs-25.05-darwin 0.7.0

pkgs.courier-prime

Monospaced font designed specifically for screenplays

nixos-unstable 2019-12-05
- nixpkgs-unstable 2019-12-05
- nixos-unstable-small 2019-12-05
nixos-25.05 2019-12-05
- nixos-25.05-small 2019-12-05
- nixpkgs-25.05-darwin 2019-12-05

pkgs.CuboCore.libcprime

Library for bookmarking, saving recent activites, managing settings of C-Suite

nixos-unstable 5.0.0
- nixpkgs-unstable 5.0.0
- nixos-unstable-small 5.0.0
nixos-25.05 5.0.0
- nixos-25.05-small 5.0.0
- nixpkgs-25.05-darwin 5.0.0

pkgs.quartus-prime-lite

FPGA design and simulation software

nixos-unstable 24.1std.0.1077
- nixpkgs-unstable 24.1std.0.1077
- nixos-unstable-small 24.1std.0.1077
nixos-25.05 23.1std.1.993
- nixos-25.05-small 23.1std.1.993
- nixpkgs-25.05-darwin 23.1std.1.993

pkgs.rubyPackages.prime

None

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.dolphin-emu-primehack

Gamecube/Wii/Triforce emulator for x86_64 and ARMv8

nixos-unstable 1.0.8
- nixpkgs-unstable 1.0.8
- nixos-unstable-small 1.0.8
nixos-25.05 1.0.7a
- nixos-25.05-small 1.0.7a
- nixpkgs-25.05-darwin 1.0.7a

pkgs.haskellPackages.primes

Efficient, purely functional generation of prime numbers

nixos-unstable 0.2.1.0
- nixpkgs-unstable 0.2.1.0
- nixos-unstable-small 0.2.1.0
nixos-25.05 0.2.1.0
- nixos-25.05-small 0.2.1.0
- nixpkgs-25.05-darwin 0.2.1.0

pkgs.rubyPackages_3_1.prime

None

nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.rubyPackages_3_2.prime

None

nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.rubyPackages_3_3.prime

None

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.rubyPackages_3_4.prime

None

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.rubyPackages_3_5.prime

None

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4

pkgs.haskellPackages.nth-prime

Computing the nth prime

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.05 1.2
- nixos-25.05-small 1.2
- nixpkgs-25.05-darwin 1.2

pkgs.python312Packages.msprime

Simulate genealogical trees and genomic sequence data using population genetic models

nixos-unstable 1.3.4
- nixpkgs-unstable 1.3.4
- nixos-unstable-small 1.3.4
nixos-25.05 1.3.4
- nixos-25.05-small 1.3.4
- nixpkgs-25.05-darwin 1.3.4

pkgs.python312Packages.primepy

This module contains several useful functions to work with prime numbers. from primePy import primes

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.05 1.3
- nixos-25.05-small 1.3
- nixpkgs-25.05-darwin 1.3

pkgs.python312Packages.primer3

Oligo analysis and primer design

nixos-unstable primer3-2.2.0
- nixpkgs-unstable primer3-2.2.0
- nixos-unstable-small primer3-2.2.0
nixos-25.05 primer3-2.1.0
- nixos-25.05-small primer3-2.1.0
- nixpkgs-25.05-darwin primer3-2.1.0

pkgs.python313Packages.msprime

Simulate genealogical trees and genomic sequence data using population genetic models

nixos-unstable 1.3.4
- nixpkgs-unstable 1.3.4
- nixos-unstable-small 1.3.4
nixos-25.05 1.3.4
- nixos-25.05-small 1.3.4
- nixpkgs-25.05-darwin 1.3.4

pkgs.python313Packages.primepy

This module contains several useful functions to work with prime numbers. from primePy import primes

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.05 1.3
- nixos-25.05-small 1.3
- nixpkgs-25.05-darwin 1.3

pkgs.python313Packages.primer3

Oligo analysis and primer design

nixos-unstable primer3-2.2.0
- nixpkgs-unstable primer3-2.2.0
- nixos-unstable-small primer3-2.2.0
nixos-25.05 primer3-2.1.0
- nixos-25.05-small primer3-2.1.0
- nixpkgs-25.05-darwin primer3-2.1.0

pkgs.haskellPackages.antiprimes

Initial project template from stack

nixos-unstable 0.1.0.1
- nixpkgs-unstable 0.1.0.1
- nixos-unstable-small 0.1.0.1
nixos-25.05 0.1.0.1
- nixos-25.05-small 0.1.0.1
- nixpkgs-25.05-darwin 0.1.0.1

pkgs.haskellPackages.primecount

Bindings to the primecount library

nixos-unstable 0.1.0.2
- nixpkgs-unstable 0.1.0.2
- nixos-unstable-small 0.1.0.2
nixos-25.05 0.1.0.2
- nixos-25.05-small 0.1.0.2
- nixpkgs-25.05-darwin 0.1.0.2

pkgs.haskellPackages.primesieve

FFI bindings for the primesieve library

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.05 0.2.0
- nixos-25.05-small 0.2.0
- nixpkgs-25.05-darwin 0.2.0

pkgs.perlPackages.MathPrimeUtil

Utilities related to prime numbers, including fast sieves and factoring

nixos-unstable 0.73
- nixpkgs-unstable 0.73
- nixos-unstable-small 0.73
nixos-25.05 0.73
- nixos-25.05-small 0.73
- nixpkgs-25.05-darwin 0.73

pkgs.akkuPackages.chibi-math-prime

Prime and number theoretic utilities

nixos-unstable 0.10.0
- nixpkgs-unstable 0.10.0
- nixos-unstable-small 0.10.0
nixos-25.05 0.10.0
- nixos-25.05-small 0.10.0
- nixpkgs-25.05-darwin 0.10.0

pkgs.haskellPackages.prelude-prime

A slightly better (but conservative) Prelude

nixos-unstable 0.1
- nixpkgs-unstable 0.1
- nixos-unstable-small 0.1
nixos-25.05 0.1
- nixos-25.05-small 0.1
- nixpkgs-25.05-darwin 0.1

pkgs.perl538Packages.MathPrimeUtil

Utilities related to prime numbers, including fast sieves and factoring

nixos-unstable 0.73
- nixpkgs-unstable 0.73
- nixos-unstable-small 0.73
nixos-25.05 0.73
- nixos-25.05-small 0.73
- nixpkgs-25.05-darwin 0.73

pkgs.perl540Packages.MathPrimeUtil

Utilities related to prime numbers, including fast sieves and factoring

nixos-unstable 0.73
- nixpkgs-unstable 0.73
- nixos-unstable-small 0.73
nixos-25.05 0.73
- nixos-25.05-small 0.73
- nixpkgs-25.05-darwin 0.73

pkgs.perlPackages.MathPrimeUtilGMP

Utilities related to prime numbers, using GMP

nixos-unstable 0.52
- nixpkgs-unstable 0.52
- nixos-unstable-small 0.52
nixos-25.05 0.52
- nixos-25.05-small 0.52
- nixpkgs-25.05-darwin 0.52

pkgs.perlPackages.MathProvablePrime

Generate a provable prime number, in pure Perl

nixos-unstable 0.51
- nixpkgs-unstable 0.51
- nixos-unstable-small 0.51
nixos-25.05 0.51
- nixos-25.05-small 0.51
- nixpkgs-25.05-darwin 0.51

pkgs.python312Packages.primecountpy

Cython interface for C++ primecount library

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.05 0.1.0
- nixos-25.05-small 0.1.0
- nixpkgs-25.05-darwin 0.1.0

pkgs.python313Packages.primecountpy

Cython interface for C++ primecount library

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.05 0.1.0
- nixos-25.05-small 0.1.0
- nixpkgs-25.05-darwin 0.1.0

pkgs.haskellPackages.opentheory-prime

Prime natural numbers

nixos-unstable 1.85
- nixpkgs-unstable 1.85
- nixos-unstable-small 1.85
nixos-25.05 1.85
- nixos-25.05-small 1.85
- nixpkgs-25.05-darwin 1.85

pkgs.perl538Packages.MathPrimeUtilGMP

Utilities related to prime numbers, using GMP

nixos-unstable 0.52
- nixpkgs-unstable 0.52
- nixos-unstable-small 0.52
nixos-25.05 0.52
- nixos-25.05-small 0.52
- nixpkgs-25.05-darwin 0.52

pkgs.perl540Packages.MathPrimeUtilGMP

Utilities related to prime numbers, using GMP

nixos-unstable 0.52
- nixpkgs-unstable 0.52
- nixos-unstable-small 0.52
nixos-25.05 0.52
- nixos-25.05-small 0.52
- nixpkgs-25.05-darwin 0.52

pkgs.rubyPackages.jekyll-theme-primer

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.perl538Packages.MathProvablePrime

Generate a provable prime number, in pure Perl

nixos-unstable 0.51
- nixpkgs-unstable 0.51
- nixos-unstable-small 0.51
nixos-25.05 0.51
- nixos-25.05-small 0.51
- nixpkgs-25.05-darwin 0.51

pkgs.perl540Packages.MathProvablePrime

Generate a provable prime number, in pure Perl

nixos-unstable 0.51
- nixpkgs-unstable 0.51
- nixos-unstable-small 0.51
nixos-25.05 0.51
- nixos-25.05-small 0.51
- nixpkgs-25.05-darwin 0.51

pkgs.rubyPackages_3_1.jekyll-theme-primer

None

nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.rubyPackages_3_2.jekyll-theme-primer

None

nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.rubyPackages_3_3.jekyll-theme-primer

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.rubyPackages_3_4.jekyll-theme-primer

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.rubyPackages_3_5.jekyll-theme-primer

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0

Package maintainers: 14

@dan4ik605743 Danil Danevich <6057430gu@gmail.com>
@austinbutler Austin Butler <austinabutler@gmail.com>
@Madouura Madoura <madouura@gmail.com>
@stigtsp Stig Palmquist <stig@stig.io>
@Thra11 Tom Hall <tahall256@protonmail.ch>
@omasanori Masanori Ogino
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@timokau Timo Kaufmann <timokau@zoho.com>
@collares Mauricio Collares <mauricio@collares.org>
@alxsimon Alexis Simon <alexis.simon@normalesup.org>
@MatthewCroughan Matthew Croughan <matt@croughan.sh>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@kwohlfahrt Kai Wohlfahrt <kai.wohlfahrt@gmail.com>

CVE-2026-23852

created an hour ago

SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the `icon` attribute of a block via the `/api/attr/setBlockAttrs` API. The payload is later rendered in the dynamic icon feature in an unsanitized context, leading to stored XSS and, in the desktop environment, potential remote code execution (RCE). This issue bypasses the previous fix for issue `#15970` (XSS → RCE via dynamic icons). Version 3.5.4 contains an updated fix.

Affected products

siyuan

==< 3.5.4

Matching in nixpkgs

pkgs.siyuan

Privacy-first personal knowledge management system that supports complete offline usage, as well as end-to-end encrypted data sync

nixos-unstable 3.4.0
- nixpkgs-unstable 3.4.0
- nixos-unstable-small 3.4.0
nixos-25.05 3.1.28
- nixos-25.05-small 3.1.28
- nixpkgs-25.05-darwin 3.1.28

Package maintainers: 2

@TomaSajt TomaSajt
@L-Trump Luo Chen <ltrump@163.com>

CVE-2026-1173

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created an hour ago

birkir prime GraphQL Array Based Query Batch graphql denial of service

A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

prime

==0.4.0.beta

Matching in nixpkgs

pkgs.mprime

Mersenne prime search / System stability tester

nixos-unstable 30.19b21
- nixpkgs-unstable 30.19b21
- nixos-unstable-small 30.19b21
nixos-25.05 30.8b15
- nixos-25.05-small 30.8b15
- nixpkgs-25.05-darwin 30.8b15

pkgs.primecount

Fast prime counting function implementations

nixos-unstable 7.20
- nixpkgs-unstable 7.20
- nixos-unstable-small 7.20
nixos-25.05 7.16
- nixos-25.05-small 7.16
- nixpkgs-25.05-darwin 7.16

pkgs.primesieve

Fast C/C++ prime number generator

nixos-unstable 12.10
- nixpkgs-unstable 12.10
- nixos-unstable-small 12.10
nixos-25.05 12.8
- nixos-25.05-small 12.8
- nixpkgs-25.05-darwin 12.8

pkgs.prime-server

Non-blocking (web)server API for distributed computing and SOA based on zeromq

nixos-unstable 0.7.0
- nixpkgs-unstable 0.7.0
- nixos-unstable-small 0.7.0
nixos-25.05 0.7.0
- nixos-25.05-small 0.7.0
- nixpkgs-25.05-darwin 0.7.0

pkgs.courier-prime

Monospaced font designed specifically for screenplays

nixos-unstable 2019-12-05
- nixpkgs-unstable 2019-12-05
- nixos-unstable-small 2019-12-05
nixos-25.05 2019-12-05
- nixos-25.05-small 2019-12-05
- nixpkgs-25.05-darwin 2019-12-05

pkgs.CuboCore.libcprime

Library for bookmarking, saving recent activites, managing settings of C-Suite

nixos-unstable 5.0.0
- nixpkgs-unstable 5.0.0
- nixos-unstable-small 5.0.0
nixos-25.05 5.0.0
- nixos-25.05-small 5.0.0
- nixpkgs-25.05-darwin 5.0.0

pkgs.quartus-prime-lite

FPGA design and simulation software

nixos-unstable 24.1std.0.1077
- nixpkgs-unstable 24.1std.0.1077
- nixos-unstable-small 24.1std.0.1077
nixos-25.05 23.1std.1.993
- nixos-25.05-small 23.1std.1.993
- nixpkgs-25.05-darwin 23.1std.1.993

pkgs.rubyPackages.prime

None

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.dolphin-emu-primehack

Gamecube/Wii/Triforce emulator for x86_64 and ARMv8

nixos-unstable 1.0.8
- nixpkgs-unstable 1.0.8
- nixos-unstable-small 1.0.8
nixos-25.05 1.0.7a
- nixos-25.05-small 1.0.7a
- nixpkgs-25.05-darwin 1.0.7a

pkgs.haskellPackages.primes

Efficient, purely functional generation of prime numbers

nixos-unstable 0.2.1.0
- nixpkgs-unstable 0.2.1.0
- nixos-unstable-small 0.2.1.0
nixos-25.05 0.2.1.0
- nixos-25.05-small 0.2.1.0
- nixpkgs-25.05-darwin 0.2.1.0

pkgs.rubyPackages_3_1.prime

None

nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.rubyPackages_3_2.prime

None

nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.rubyPackages_3_3.prime

None

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.rubyPackages_3_4.prime

None

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.05 0.1.3
- nixos-25.05-small 0.1.3
- nixpkgs-25.05-darwin 0.1.3

pkgs.rubyPackages_3_5.prime

None

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4

pkgs.haskellPackages.nth-prime

Computing the nth prime

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.05 1.2
- nixos-25.05-small 1.2
- nixpkgs-25.05-darwin 1.2

pkgs.python312Packages.msprime

Simulate genealogical trees and genomic sequence data using population genetic models

nixos-unstable 1.3.4
- nixpkgs-unstable 1.3.4
- nixos-unstable-small 1.3.4
nixos-25.05 1.3.4
- nixos-25.05-small 1.3.4
- nixpkgs-25.05-darwin 1.3.4

pkgs.python312Packages.primepy

This module contains several useful functions to work with prime numbers. from primePy import primes

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.05 1.3
- nixos-25.05-small 1.3
- nixpkgs-25.05-darwin 1.3

pkgs.python312Packages.primer3

Oligo analysis and primer design

nixos-unstable primer3-2.2.0
- nixpkgs-unstable primer3-2.2.0
- nixos-unstable-small primer3-2.2.0
nixos-25.05 primer3-2.1.0
- nixos-25.05-small primer3-2.1.0
- nixpkgs-25.05-darwin primer3-2.1.0

pkgs.python313Packages.msprime

Simulate genealogical trees and genomic sequence data using population genetic models

nixos-unstable 1.3.4
- nixpkgs-unstable 1.3.4
- nixos-unstable-small 1.3.4
nixos-25.05 1.3.4
- nixos-25.05-small 1.3.4
- nixpkgs-25.05-darwin 1.3.4

pkgs.python313Packages.primepy

This module contains several useful functions to work with prime numbers. from primePy import primes

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.05 1.3
- nixos-25.05-small 1.3
- nixpkgs-25.05-darwin 1.3

pkgs.python313Packages.primer3

Oligo analysis and primer design

nixos-unstable primer3-2.2.0
- nixpkgs-unstable primer3-2.2.0
- nixos-unstable-small primer3-2.2.0
nixos-25.05 primer3-2.1.0
- nixos-25.05-small primer3-2.1.0
- nixpkgs-25.05-darwin primer3-2.1.0

pkgs.haskellPackages.antiprimes

Initial project template from stack

nixos-unstable 0.1.0.1
- nixpkgs-unstable 0.1.0.1
- nixos-unstable-small 0.1.0.1
nixos-25.05 0.1.0.1
- nixos-25.05-small 0.1.0.1
- nixpkgs-25.05-darwin 0.1.0.1

pkgs.haskellPackages.primecount

Bindings to the primecount library

nixos-unstable 0.1.0.2
- nixpkgs-unstable 0.1.0.2
- nixos-unstable-small 0.1.0.2
nixos-25.05 0.1.0.2
- nixos-25.05-small 0.1.0.2
- nixpkgs-25.05-darwin 0.1.0.2

pkgs.haskellPackages.primesieve

FFI bindings for the primesieve library

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.05 0.2.0
- nixos-25.05-small 0.2.0
- nixpkgs-25.05-darwin 0.2.0

pkgs.perlPackages.MathPrimeUtil

Utilities related to prime numbers, including fast sieves and factoring

nixos-unstable 0.73
- nixpkgs-unstable 0.73
- nixos-unstable-small 0.73
nixos-25.05 0.73
- nixos-25.05-small 0.73
- nixpkgs-25.05-darwin 0.73

pkgs.akkuPackages.chibi-math-prime

Prime and number theoretic utilities

nixos-unstable 0.10.0
- nixpkgs-unstable 0.10.0
- nixos-unstable-small 0.10.0
nixos-25.05 0.10.0
- nixos-25.05-small 0.10.0
- nixpkgs-25.05-darwin 0.10.0

pkgs.haskellPackages.prelude-prime

A slightly better (but conservative) Prelude

nixos-unstable 0.1
- nixpkgs-unstable 0.1
- nixos-unstable-small 0.1
nixos-25.05 0.1
- nixos-25.05-small 0.1
- nixpkgs-25.05-darwin 0.1

pkgs.perl538Packages.MathPrimeUtil

Utilities related to prime numbers, including fast sieves and factoring

nixos-unstable 0.73
- nixpkgs-unstable 0.73
- nixos-unstable-small 0.73
nixos-25.05 0.73
- nixos-25.05-small 0.73
- nixpkgs-25.05-darwin 0.73

pkgs.perl540Packages.MathPrimeUtil

Utilities related to prime numbers, including fast sieves and factoring

nixos-unstable 0.73
- nixpkgs-unstable 0.73
- nixos-unstable-small 0.73
nixos-25.05 0.73
- nixos-25.05-small 0.73
- nixpkgs-25.05-darwin 0.73

pkgs.perlPackages.MathPrimeUtilGMP

Utilities related to prime numbers, using GMP

nixos-unstable 0.52
- nixpkgs-unstable 0.52
- nixos-unstable-small 0.52
nixos-25.05 0.52
- nixos-25.05-small 0.52
- nixpkgs-25.05-darwin 0.52

pkgs.perlPackages.MathProvablePrime

Generate a provable prime number, in pure Perl

nixos-unstable 0.51
- nixpkgs-unstable 0.51
- nixos-unstable-small 0.51
nixos-25.05 0.51
- nixos-25.05-small 0.51
- nixpkgs-25.05-darwin 0.51

pkgs.python312Packages.primecountpy

Cython interface for C++ primecount library

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.05 0.1.0
- nixos-25.05-small 0.1.0
- nixpkgs-25.05-darwin 0.1.0

pkgs.python313Packages.primecountpy

Cython interface for C++ primecount library

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.05 0.1.0
- nixos-25.05-small 0.1.0
- nixpkgs-25.05-darwin 0.1.0

pkgs.haskellPackages.opentheory-prime

Prime natural numbers

nixos-unstable 1.85
- nixpkgs-unstable 1.85
- nixos-unstable-small 1.85
nixos-25.05 1.85
- nixos-25.05-small 1.85
- nixpkgs-25.05-darwin 1.85

pkgs.perl538Packages.MathPrimeUtilGMP

Utilities related to prime numbers, using GMP

nixos-unstable 0.52
- nixpkgs-unstable 0.52
- nixos-unstable-small 0.52
nixos-25.05 0.52
- nixos-25.05-small 0.52
- nixpkgs-25.05-darwin 0.52

pkgs.perl540Packages.MathPrimeUtilGMP

Utilities related to prime numbers, using GMP

nixos-unstable 0.52
- nixpkgs-unstable 0.52
- nixos-unstable-small 0.52
nixos-25.05 0.52
- nixos-25.05-small 0.52
- nixpkgs-25.05-darwin 0.52

pkgs.rubyPackages.jekyll-theme-primer

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.perl538Packages.MathProvablePrime

Generate a provable prime number, in pure Perl

nixos-unstable 0.51
- nixpkgs-unstable 0.51
- nixos-unstable-small 0.51
nixos-25.05 0.51
- nixos-25.05-small 0.51
- nixpkgs-25.05-darwin 0.51

pkgs.perl540Packages.MathProvablePrime

Generate a provable prime number, in pure Perl

nixos-unstable 0.51
- nixpkgs-unstable 0.51
- nixos-unstable-small 0.51
nixos-25.05 0.51
- nixos-25.05-small 0.51
- nixpkgs-25.05-darwin 0.51

pkgs.rubyPackages_3_1.jekyll-theme-primer

None

nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.rubyPackages_3_2.jekyll-theme-primer

None

nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.rubyPackages_3_3.jekyll-theme-primer

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.rubyPackages_3_4.jekyll-theme-primer

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.05 0.6.0
- nixos-25.05-small 0.6.0
- nixpkgs-25.05-darwin 0.6.0

pkgs.rubyPackages_3_5.jekyll-theme-primer

None

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0

Package maintainers: 14

@dan4ik605743 Danil Danevich <6057430gu@gmail.com>
@austinbutler Austin Butler <austinabutler@gmail.com>
@Madouura Madoura <madouura@gmail.com>
@stigtsp Stig Palmquist <stig@stig.io>
@Thra11 Tom Hall <tahall256@protonmail.ch>
@omasanori Masanori Ogino
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@timokau Timo Kaufmann <timokau@zoho.com>
@collares Mauricio Collares <mauricio@collares.org>
@alxsimon Alexis Simon <alexis.simon@normalesup.org>
@MatthewCroughan Matthew Croughan <matt@croughan.sh>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@kwohlfahrt Kai Wohlfahrt <kai.wohlfahrt@gmail.com>

CVE-2026-23850

created an hour ago

SiYuan vulnerable to arbitrary file read

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue.

Affected products

siyuan

==< 3.5.4

Matching in nixpkgs

pkgs.siyuan

Privacy-first personal knowledge management system that supports complete offline usage, as well as end-to-end encrypted data sync

nixos-unstable 3.4.0
- nixpkgs-unstable 3.4.0
- nixos-unstable-small 3.4.0
nixos-25.05 3.1.28
- nixos-25.05-small 3.1.28
- nixpkgs-25.05-darwin 3.1.28

Package maintainers: 2

@TomaSajt TomaSajt
@L-Trump Luo Chen <ltrump@163.com>

CVE-2026-23732

created an hour ago

FreeRDP has heap-buffer-overflow in Glyph_Alloc

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue.

Affected products

FreeRDP

==< 3.21.0

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2
nixos-25.05 3.15.0
- nixos-25.05-small 3.15.0
- nixpkgs-25.05-darwin 3.15.0

Package maintainers: 1

@peterhoeg Peter Hoeg <peter@hoeg.com>

CVE-2025-55252

3.1 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created an hour ago

HCL AION is affected by a Weak Password Policy vulnerability

HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access

Affected products

AION

Matching in nixpkgs

pkgs.python312Packages.aionut

Asyncio Network UPS Tools

nixos-unstable 4.3.4
- nixpkgs-unstable 4.3.4
- nixos-unstable-small 4.3.4
nixos-25.05 4.3.4
- nixos-25.05-small 4.3.4
- nixpkgs-25.05-darwin 4.3.4

pkgs.python313Packages.aionut

Asyncio Network UPS Tools

nixos-unstable 4.3.4
- nixpkgs-unstable 4.3.4
- nixos-unstable-small 4.3.4
nixos-25.05 4.3.4
- nixos-25.05-small 4.3.4
- nixpkgs-25.05-darwin 4.3.4

pkgs.python312Packages.aiontfy

Async ntfy client library

nixos-unstable 0.6.1
- nixpkgs-unstable 0.6.1
- nixos-unstable-small 0.6.1
nixos-25.05 0.5.1
- nixos-25.05-small 0.5.1
- nixpkgs-25.05-darwin 0.5.1

pkgs.python313Packages.aiontfy

Async ntfy client library

nixos-unstable 0.6.1
- nixpkgs-unstable 0.6.1
- nixos-unstable-small 0.6.1
nixos-25.05 0.5.1
- nixos-25.05-small 0.5.1
- nixpkgs-25.05-darwin 0.5.1

pkgs.python312Packages.aionotion

Python library for Notion Home Monitoring

nixos-unstable 2025.02.0
- nixpkgs-unstable 2025.02.0
- nixos-unstable-small 2025.02.0
nixos-25.05 2024.03.0
- nixos-25.05-small 2024.03.0
- nixpkgs-25.05-darwin 2024.03.0

pkgs.python313Packages.aionotion

Python library for Notion Home Monitoring

nixos-unstable 2025.02.0
- nixpkgs-unstable 2025.02.0
- nixos-unstable-small 2025.02.0
nixos-25.05 2024.03.0
- nixos-25.05-small 2024.03.0
- nixpkgs-25.05-darwin 2024.03.0

pkgs.python312Packages.aionanoleaf

Python wrapper for the Nanoleaf API

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1
nixos-25.05 0.2.1
- nixos-25.05-small 0.2.1
- nixpkgs-25.05-darwin 0.2.1

pkgs.python313Packages.aionanoleaf

Python wrapper for the Nanoleaf API

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1
nixos-25.05 0.2.1
- nixos-25.05-small 0.2.1
- nixpkgs-25.05-darwin 0.2.1

pkgs.python312Packages.electrum-aionostr

Asyncio nostr client

nixos-unstable 0.0.11
- nixpkgs-unstable 0.0.11
- nixos-unstable-small 0.0.11

pkgs.python313Packages.electrum-aionostr

Asyncio nostr client

nixos-unstable 0.0.11
- nixpkgs-unstable 0.0.11
- nixos-unstable-small 0.0.11

Package maintainers: 2

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@dotlambda Robert Schütz <rschuetz17@gmail.com>

CVE-2025-52660

2.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created an hour ago

HCL AION is affected by an Host Header Injection vulnerability

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

Affected products

AION

Matching in nixpkgs

pkgs.python312Packages.aionut

Asyncio Network UPS Tools

nixos-unstable 4.3.4
- nixpkgs-unstable 4.3.4
- nixos-unstable-small 4.3.4
nixos-25.05 4.3.4
- nixos-25.05-small 4.3.4
- nixpkgs-25.05-darwin 4.3.4

pkgs.python313Packages.aionut

Asyncio Network UPS Tools

nixos-unstable 4.3.4
- nixpkgs-unstable 4.3.4
- nixos-unstable-small 4.3.4
nixos-25.05 4.3.4
- nixos-25.05-small 4.3.4
- nixpkgs-25.05-darwin 4.3.4

pkgs.python312Packages.aiontfy

Async ntfy client library

nixos-unstable 0.6.1
- nixpkgs-unstable 0.6.1
- nixos-unstable-small 0.6.1
nixos-25.05 0.5.1
- nixos-25.05-small 0.5.1
- nixpkgs-25.05-darwin 0.5.1

pkgs.python313Packages.aiontfy

Async ntfy client library

nixos-unstable 0.6.1
- nixpkgs-unstable 0.6.1
- nixos-unstable-small 0.6.1
nixos-25.05 0.5.1
- nixos-25.05-small 0.5.1
- nixpkgs-25.05-darwin 0.5.1

pkgs.python312Packages.aionotion

Python library for Notion Home Monitoring

nixos-unstable 2025.02.0
- nixpkgs-unstable 2025.02.0
- nixos-unstable-small 2025.02.0
nixos-25.05 2024.03.0
- nixos-25.05-small 2024.03.0
- nixpkgs-25.05-darwin 2024.03.0

pkgs.python313Packages.aionotion

Python library for Notion Home Monitoring

nixos-unstable 2025.02.0
- nixpkgs-unstable 2025.02.0
- nixos-unstable-small 2025.02.0
nixos-25.05 2024.03.0
- nixos-25.05-small 2024.03.0
- nixpkgs-25.05-darwin 2024.03.0

pkgs.python312Packages.aionanoleaf

Python wrapper for the Nanoleaf API

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1
nixos-25.05 0.2.1
- nixos-25.05-small 0.2.1
- nixpkgs-25.05-darwin 0.2.1

pkgs.python313Packages.aionanoleaf

Python wrapper for the Nanoleaf API

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1
nixos-25.05 0.2.1
- nixos-25.05-small 0.2.1
- nixpkgs-25.05-darwin 0.2.1

pkgs.python312Packages.electrum-aionostr

Asyncio nostr client

nixos-unstable 0.0.11
- nixpkgs-unstable 0.0.11
- nixos-unstable-small 0.0.11

pkgs.python313Packages.electrum-aionostr

Asyncio nostr client

nixos-unstable 0.0.11
- nixpkgs-unstable 0.0.11
- nixos-unstable-small 0.0.11

Package maintainers: 2

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@dotlambda Robert Schütz <rschuetz17@gmail.com>

CVE-2026-23833

created an hour ago

ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check `ptr + field_length > end` in `components/api/proto.cpp` can overflow when a malicious client sends a large `field_length` value. This affects all ESPHome device platforms (ESP32, ESP8266, RP2040, LibreTiny). The overflow bypasses the out-of-bounds check, causing the device to read invalid memory and crash. When using the plaintext API protocol, this attack can be performed without authentication. When noise encryption is enabled, knowledge of the encryption key is required. Users should upgrade to ESPHome 2025.12.7 or later to receive a patch, enable API encryption with a unique key per device, and follow the Security Best Practices.

Affected products

esphome

==>= 2025.9.0, < 2025.12.7

Matching in nixpkgs

pkgs.esphome

Make creating custom firmwares for ESP32/ESP8266 super easy

nixos-unstable 2025.11.0
- nixpkgs-unstable 2025.11.0
- nixos-unstable-small 2025.11.0
nixos-25.05 2025.4.2
- nixos-25.05-small 2025.4.2
- nixpkgs-25.05-darwin 2025.4.2

pkgs.python312Packages.aioesphomeapi

Python Client for ESPHome native API

nixos-unstable 42.7.0
- nixpkgs-unstable 42.7.0
- nixos-unstable-small 42.7.0
nixos-25.05 30.2.0
- nixos-25.05-small 30.2.0
- nixpkgs-25.05-darwin 30.2.0

pkgs.python312Packages.bleak-esphome

Bleak backend of ESPHome

nixos-unstable 3.4.0
- nixpkgs-unstable 3.4.0
- nixos-unstable-small 3.4.0
nixos-25.05 2.15.1
- nixos-25.05-small 2.15.1
- nixpkgs-25.05-darwin 2.15.1

pkgs.python313Packages.aioesphomeapi

Python Client for ESPHome native API

nixos-unstable 42.7.0
- nixpkgs-unstable 42.7.0
- nixos-unstable-small 42.7.0
nixos-25.05 30.2.0
- nixos-25.05-small 30.2.0
- nixpkgs-25.05-darwin 30.2.0

pkgs.python313Packages.bleak-esphome

Bleak backend of ESPHome

nixos-unstable 3.4.0
- nixpkgs-unstable 3.4.0
- nixos-unstable-small 3.4.0
nixos-25.05 2.15.1
- nixos-25.05-small 2.15.1
- nixpkgs-25.05-darwin 2.15.1

pkgs.python312Packages.esphome-glyphsets

A lightweight version of glyphsets for ESPHome

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.05 0.2.0
- nixos-25.05-small 0.2.0
- nixpkgs-25.05-darwin 0.2.0

pkgs.python313Packages.esphome-glyphsets

A lightweight version of glyphsets for ESPHome

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.05 0.2.0
- nixos-25.05-small 0.2.0
- nixpkgs-25.05-darwin 0.2.0

pkgs.home-assistant-component-tests.esphome

Open source home automation that puts local control and privacy first

nixos-unstable 2025.11.3
- nixpkgs-unstable 2025.11.3
- nixos-unstable-small 2025.11.3
nixos-25.05 2025.5.2
- nixos-25.05-small 2025.5.2
- nixpkgs-25.05-darwin 2025.5.2

pkgs.python312Packages.esphome-dashboard-api

API to interact with ESPHome Dashboard

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.05 1.3.0
- nixos-25.05-small 1.3.0
- nixpkgs-25.05-darwin 1.3.0

pkgs.python313Packages.esphome-dashboard-api

API to interact with ESPHome Dashboard

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.05 1.3.0
- nixos-25.05-small 1.3.0
- nixpkgs-25.05-darwin 1.3.0

Package maintainers: 4

@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@globin Robin Gloster <mail@glob.in>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@dotlambda Robert Schütz <rschuetz17@gmail.com>