Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0018

NIXPKGS-2026-0018
published on
Permalink CVE-2026-22863
updated 4 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion 4 months, 1 week ago
  • @LeSuisse ignored
    12 packages
    • speech-denoiser
    • openimagedenoise
    • terraform-providers.deno
    • python312Packages.denonavr
    • python313Packages.denonavr
    • haskellPackages.pandoc-sidenote
    • terraform-providers.denoland_deno
    • gnomeExtensions.denon-avr-controler
    • python312Packages.bnunicodenormalizer
    • python313Packages.bnunicodenormalizer
    • vscode-extensions.denoland.vscode-deno
    • home-assistant-component-tests.denonavr
    4 months, 1 week ago
  • @LeSuisse accepted 4 months, 1 week ago
  • @LeSuisse published on GitHub 4 months, 1 week ago
Deno node:crypto doesn't finalize cipher

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. This vulnerability is fixed in 2.6.0.

Affected products

deno
  • ==< 2.6.0

Matching in nixpkgs

pkgs.deno

Secure runtime for JavaScript and TypeScript

Ignored packages (12)

Package maintainers

Upstream advisory: https://github.com/denoland/deno/security/advisories/GHSA-5379-f5hf-w38v