Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0151

NIXPKGS-2026-0151
published on 7 Feb 2026
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    6 packages
    • python312Packages.weblate-schemas
    • python313Packages.weblate-schemas
    • python314Packages.weblate-schemas
    • python312Packages.weblate-language-data
    • python313Packages.weblate-language-data
    • python314Packages.weblate-language-data
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Weblate has git config file overwrite vulnerability that leads to remote code execution

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.

Affected products

weblate
  • ==< 5.15.1

Matching in nixpkgs

Package maintainers

Upstream advisory: https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3
Upstream patch: https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7 and https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4