9.8 CRITICAL
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse ignored 29 packages:
- inspector
- appium-inspector
- rubyPackages.gh_inspector
- perlPackages.ClassInspector
- haskellPackages.hs-inspector
- rubyPackages_3_1.gh_inspector
- rubyPackages_3_2.gh_inspector
- rubyPackages_3_3.gh_inspector
- rubyPackages_3_4.gh_inspector
- rubyPackages_3_5.gh_inspector
- perl538Packages.ClassInspector
- perl540Packages.ClassInspector
- python312Packages.apkinspector
- python313Packages.apkinspector
- haskellPackages.amazonka-inspector
- python312Packages.debian-inspector
- python313Packages.debian-inspector
- haskellPackages.amazonka-inspector2
- kdePackages.accessibility-inspector
- python312Packages.container-inspector
- python313Packages.container-inspector
- python312Packages.mypy-boto3-inspector
- python313Packages.mypy-boto3-inspector
- python312Packages.mypy-boto3-inspector2
- python313Packages.mypy-boto3-inspector2
- python312Packages.types-aiobotocore-inspector
- python313Packages.types-aiobotocore-inspector
- python312Packages.types-aiobotocore-inspector2
- python313Packages.types-aiobotocore-inspector2
- @LeSuisse dismissed
RCE in MCPJam inspector due to exposed HTTP endpoint
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE): an attacker can send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Because MCPJam inspector listens on 0.0.0.0 by default instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
Affected products
- <= 1.4.2
Ignored packages (29)
pkgs.inspector
Gtk4 Libadwaita wrapper for various system info cli commands
pkgs.appium-inspector
GUI inspector for the appium UI automation tool
pkgs.rubyPackages.gh_inspector
None
pkgs.perlPackages.ClassInspector
Get information about a class and its structure
pkgs.haskellPackages.hs-inspector
Haskell source code analyzer
pkgs.rubyPackages_3_1.gh_inspector
None
pkgs.rubyPackages_3_2.gh_inspector
None
pkgs.rubyPackages_3_3.gh_inspector
None
pkgs.rubyPackages_3_4.gh_inspector
None
pkgs.rubyPackages_3_5.gh_inspector
None
pkgs.perl538Packages.ClassInspector
Get information about a class and its structure
pkgs.perl540Packages.ClassInspector
Get information about a class and its structure
pkgs.python312Packages.apkinspector
Module designed to provide detailed insights into the zip structure of APK files
pkgs.python313Packages.apkinspector
Module designed to provide detailed insights into the zip structure of APK files
pkgs.haskellPackages.amazonka-inspector
Amazon Inspector SDK
- nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
pkgs.python312Packages.debian-inspector
Utilities to parse Debian package, copyright and control files
pkgs.python313Packages.debian-inspector
Utilities to parse Debian package, copyright and control files
pkgs.haskellPackages.amazonka-inspector2
Amazon Inspector2 SDK
- nixos-unstable inspector2-2.0-unstable-2025-04-16
- nixpkgs-unstable inspector2-2.0-unstable-2025-04-16
- nixos-unstable-small inspector2-2.0-unstable-2025-04-16
pkgs.kdePackages.accessibility-inspector
Inspect your application accessibility tree
pkgs.python312Packages.container-inspector
Suite of analysis utilities and command line tools for container images
pkgs.python313Packages.container-inspector
Suite of analysis utilities and command line tools for container images
pkgs.python312Packages.mypy-boto3-inspector
Type annotations for boto3 inspector
- nixos-unstable boto3-inspector-1.41.0
- nixpkgs-unstable boto3-inspector-1.41.0
- nixos-unstable-small boto3-inspector-1.41.0
pkgs.python313Packages.mypy-boto3-inspector
Type annotations for boto3 inspector
- nixos-unstable boto3-inspector-1.41.0
- nixpkgs-unstable boto3-inspector-1.41.0
- nixos-unstable-small boto3-inspector-1.41.0
pkgs.python312Packages.mypy-boto3-inspector2
Type annotations for boto3 inspector2
- nixos-unstable boto3-inspector2-1.41.0
- nixpkgs-unstable boto3-inspector2-1.41.0
- nixos-unstable-small boto3-inspector2-1.41.0
pkgs.python313Packages.mypy-boto3-inspector2
Type annotations for boto3 inspector2
- nixos-unstable boto3-inspector2-1.41.0
- nixpkgs-unstable boto3-inspector2-1.41.0
- nixos-unstable-small boto3-inspector2-1.41.0
pkgs.python312Packages.types-aiobotocore-inspector
Type annotations for aiobotocore inspector
pkgs.python313Packages.types-aiobotocore-inspector
Type annotations for aiobotocore inspector
pkgs.python312Packages.types-aiobotocore-inspector2
Type annotations for aiobotocore inspector2
- nixos-unstable inspector2-2.25.2
- nixpkgs-unstable inspector2-2.25.2
- nixos-unstable-small inspector2-2.25.2
pkgs.python313Packages.types-aiobotocore-inspector2
Type annotations for aiobotocore inspector2
- nixos-unstable inspector2-2.25.2
- nixpkgs-unstable inspector2-2.25.2
- nixos-unstable-small inspector2-2.25.2