Nixpkgs Security Tracker

Dismissed

Permalink CVE-2026-30244

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 weeks, 2 days ago by @mweinelt Activity log

Created automatic suggestion 2 weeks, 2 days ago
@mweinelt removed
35 packages
- xplanet
- freeplane
- m2-planet
- crossplane
- microplane
- paper-plane
- invoiceplane
- m2-mesoplanet
- crossplane-cli
- biplanes-revival
- planetary_annihilation
- perlPackages.MathPlanePath
- perl5Packages.MathPlanePath
- dprint-plugins.g-plane-malva
- python312Packages.crossplane
- python313Packages.crossplane
- python314Packages.crossplane
- perl538Packages.MathPlanePath
- perl540Packages.MathPlanePath
- dprint-plugins.g-plane-markup_fmt
- dprint-plugins.g-plane-pretty_yaml
- gnomeExtensions.sane-airplane-mode
- python313Packages.envoy-data-plane
- python314Packages.envoy-data-plane
- python312Packages.planetary-computer
- python313Packages.planetary-computer
- python314Packages.planetary-computer
- dprint-plugins.g-plane-pretty_graphql
- haskellPackages.amazonka-iot-dataplane
- python313Packages.greenplanet-energy-api
- python314Packages.greenplanet-energy-api
- haskellPackages.amazonka-iot-jobs-dataplane
- vscode-extensions.gplane.wasm-language-tools
- haskellPackages.amazonka-mediastore-dataplane
- tests.home-assistant-component-tests.green_planet_energy
2 weeks, 2 days ago
@mweinelt dismissed 2 weeks, 2 days ago

Plane: Unauthenticated Workspace Member Information Disclosure

Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission classes being incorrectly configured to allow anonymous access to protected endpoints. This issue has been patched in version 1.2.2.

References

https://github.com/makeplane/plane/security/advisories/GHSA-87x4-j8vh-p5qf x_refsource_CONFIRM
https://github.com/makeplane/plane/releases/tag/v1.2.2 x_refsource_MISC

Affected products

plane

==< 1.2.2

Ignored packages (35)

pkgs.xplanet

Renders an image of the earth or other planets into the X root window

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1
nixos-25.11 1.3.1
- nixos-25.11-small 1.3.1
- nixpkgs-25.11-darwin 1.3.1

pkgs.freeplane

Mind-mapping software

nixos-unstable 1.12.16
- nixpkgs-unstable 1.12.16
- nixos-unstable-small 1.12.16
nixos-25.11 1.12.12
- nixos-25.11-small 1.12.12
- nixpkgs-25.11-darwin 1.12.12

pkgs.m2-planet

PLAtform NEutral Transpiler

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.13.1
- nixos-25.11-small 1.13.1
- nixpkgs-25.11-darwin 1.13.1

pkgs.crossplane

NGINX configuration file parser and builder

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8
nixos-25.11 0.5.8
- nixos-25.11-small 0.5.8
- nixpkgs-25.11-darwin 0.5.8

pkgs.microplane

CLI tool to make git changes across many repos

nixos-unstable 0.0.37
- nixpkgs-unstable 0.0.37
- nixos-unstable-small 0.0.37
nixos-25.11 0.0.37
- nixos-25.11-small 0.0.37
- nixpkgs-25.11-darwin 0.0.37

pkgs.paper-plane

Chat over Telegram on a modern and elegant client

nixos-25.11 0.1.0-beta.5
- nixos-25.11-small 0.1.0-beta.5
- nixpkgs-25.11-darwin 0.1.0-beta.5

pkgs.invoiceplane

Self-hosted open source application for managing your invoices, clients and payments

nixos-unstable 1.7.1
- nixpkgs-unstable 1.7.1
- nixos-unstable-small 1.7.1

pkgs.m2-mesoplanet

Macro Expander Saving Our m2-PLANET

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.11.0
nixos-25.11 1.11.0
- nixos-25.11-small 1.11.0
- nixpkgs-25.11-darwin 1.11.0

pkgs.crossplane-cli

Utility to make using Crossplane easier

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.biplanes-revival

Old cellphone arcade recreated for PC

nixos-unstable 1.2.1
- nixpkgs-unstable 1.2.1
- nixos-unstable-small 1.2.1
nixos-25.11 1.2.1
- nixos-25.11-small 1.2.1
- nixpkgs-25.11-darwin 1.2.1

pkgs.planetary_annihilation

Next-generation RTS that takes the genre to a planetary scale

nixos-unstable 62857
- nixpkgs-unstable 62857
- nixos-unstable-small 62857
nixos-25.11 62857
- nixos-25.11-small 62857
- nixpkgs-25.11-darwin 62857

pkgs.perlPackages.MathPlanePath

Points on a path through the 2-D plane

nixos-unstable 129
- nixpkgs-unstable 129
- nixos-unstable-small 129
nixos-25.11 129
- nixos-25.11-small 129
- nixpkgs-25.11-darwin 129

pkgs.perl5Packages.MathPlanePath

Points on a path through the 2-D plane

nixos-unstable 129
- nixpkgs-unstable 129
- nixos-unstable-small 129

pkgs.dprint-plugins.g-plane-malva

CSS, SCSS, Sass and Less formatter

nixos-unstable 0.15.1
- nixpkgs-unstable 0.15.1
- nixos-unstable-small 0.15.1
nixos-25.11 0.15.1
- nixos-25.11-small 0.15.1
- nixpkgs-25.11-darwin 0.15.1

pkgs.python312Packages.crossplane

NGINX configuration file parser and builder

nixos-25.11 0.5.8
- nixos-25.11-small 0.5.8
- nixpkgs-25.11-darwin 0.5.8

pkgs.python313Packages.crossplane

NGINX configuration file parser and builder

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8
nixos-25.11 0.5.8
- nixos-25.11-small 0.5.8
- nixpkgs-25.11-darwin 0.5.8

pkgs.python314Packages.crossplane

NGINX configuration file parser and builder

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8

pkgs.perl538Packages.MathPlanePath

Points on a path through the 2-D plane

nixos-25.11 129
- nixos-25.11-small 129
- nixpkgs-25.11-darwin 129

pkgs.perl540Packages.MathPlanePath

Points on a path through the 2-D plane

nixos-25.11 129
- nixos-25.11-small 129
- nixpkgs-25.11-darwin 129

pkgs.dprint-plugins.g-plane-markup_fmt

HTML, Vue, Svelte, Astro, Angular, Jinja, Twig, Nunjucks, and Vento formatter

nixos-unstable 0.25.3
- nixpkgs-unstable 0.25.3
- nixos-unstable-small 0.25.3
nixos-25.11 0.25.3
- nixos-25.11-small 0.25.3
- nixpkgs-25.11-darwin 0.25.3

pkgs.dprint-plugins.g-plane-pretty_yaml

YAML formatter

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.gnomeExtensions.sane-airplane-mode

Make airplane mode sane again! This extension gives you better control over the airplane mode and lets you turn off the annoying "Bluetooth gets turned on when I disable airplane mode" behaviour.

pkgs.python313Packages.envoy-data-plane

Python dataclasses for the Envoy Data-Plane-API

nixos-unstable 1.0.3
- nixpkgs-unstable 1.0.3
- nixos-unstable-small 1.0.3

pkgs.python314Packages.envoy-data-plane

Python dataclasses for the Envoy Data-Plane-API

nixos-unstable 1.0.3
- nixpkgs-unstable 1.0.3
- nixos-unstable-small 1.0.3

pkgs.python312Packages.planetary-computer

Planetary Computer SDK for Python

nixos-25.11 1.0.0.post0
- nixos-25.11-small 1.0.0.post0
- nixpkgs-25.11-darwin 1.0.0.post0

pkgs.python313Packages.planetary-computer

Planetary Computer SDK for Python

nixos-unstable 1.0.0.post0
- nixpkgs-unstable 1.0.0.post0
- nixos-unstable-small 1.0.0.post0
nixos-25.11 1.0.0.post0
- nixos-25.11-small 1.0.0.post0
- nixpkgs-25.11-darwin 1.0.0.post0