NIXPKGS-2026-0206

GitHub issue published on 10 Feb 2026

Permalink CVE-2026-2240

updated 2 days, 2 hours ago by @LeSuisse Activity log

Created automatic suggestion 2 days, 7 hours ago
@LeSuisse removed
6 packages
- vscode-extensions.janet-lang.vscode-janet
- tree-sitter-grammars.tree-sitter-janet-simple
- vimPlugins.nvim-treesitter-parsers.janet_simple
- python312Packages.tree-sitter-grammars.tree-sitter-janet-simple
- python313Packages.tree-sitter-grammars.tree-sitter-janet-simple
- python314Packages.tree-sitter-grammars.tree-sitter-janet-simple
2 days, 2 hours ago
@LeSuisse accepted 2 days, 2 hours ago
@LeSuisse published on GitHub 2 days, 2 hours ago

janet-lang janet compile.c janetc_pop_funcdef out-of-bounds

A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue.

Affected products

janet

==1.40.1
==1.40.0

Matching in nixpkgs

pkgs.janet

Janet programming language

nixos-unstable 1.40.1
- nixpkgs-unstable 1.40.1
- nixos-unstable-small 1.40.1
nixos-25.11 1.39.1
- nixos-25.11-small 1.39.1
- nixpkgs-25.11-darwin 1.39.1

Ignored packages (6)

pkgs.vscode-extensions.janet-lang.vscode-janet

Janet language support for Visual Studio Code

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.tree-sitter-grammars.tree-sitter-janet-simple

None

nixos-unstable 0.0.7-unstable-2025-05-19
- nixpkgs-unstable 0.0.7-unstable-2025-05-19
- nixos-unstable-small 0.0.7-unstable-2025-05-19
nixos-25.11 0.25.10
- nixos-25.11-small 0.25.10
- nixpkgs-25.11-darwin 0.25.10

pkgs.vimPlugins.nvim-treesitter-parsers.janet_simple

None

nixos-unstable 0.0.0+rev=7e28cbf
- nixpkgs-unstable 0.0.0+rev=7e28cbf
- nixos-unstable-small 0.0.0+rev=7e28cbf
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.python312Packages.tree-sitter-grammars.tree-sitter-janet-simple

Python bindings for tree-sitter-janet-simple

nixos-25.11 0.25.10
- nixos-25.11-small 0.25.10
- nixpkgs-25.11-darwin 0.25.10

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-janet-simple

Python bindings for tree-sitter-janet-simple

nixos-unstable 0.0.7+unstable20250519
- nixpkgs-unstable 0.0.7+unstable20250519
- nixos-unstable-small 0.0.7+unstable20250519
nixos-25.11 0.25.10
- nixos-25.11-small 0.25.10
- nixpkgs-25.11-darwin 0.25.10

pkgs.python314Packages.tree-sitter-grammars.tree-sitter-janet-simple

Python bindings for tree-sitter-janet-simple

nixos-unstable 0.0.7+unstable20250519
- nixpkgs-unstable 0.0.7+unstable20250519
- nixos-unstable-small 0.0.7+unstable20250519

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>
@andrewchambers Andrew Chambers <ac@acha.ninja>
@mightyiam Shahar "Dawn" Or <mightyiampresence@gmail.com>
@A-jay98 Ali Jamadi <ali@jamadi.me>
@adfaure Adrien Faure <adfaure@pm.me>
@stepbrobd Yifei Sun <ysun@hey.com>
@wackbyte wackbyte <wackbyte@pm.me>

Upstream patch: https://github.com/janet-lang/janet/commit/4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0206

Affected products

Matching in nixpkgs

pkgs.janet

pkgs.vscode-extensions.janet-lang.vscode-janet

pkgs.tree-sitter-grammars.tree-sitter-janet-simple

pkgs.vimPlugins.nvim-treesitter-parsers.janet_simple

pkgs.python312Packages.tree-sitter-grammars.tree-sitter-janet-simple

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-janet-simple

pkgs.python314Packages.tree-sitter-grammars.tree-sitter-janet-simple

Package maintainers