Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0871

NIXPKGS-2026-0871
published 2 months, 3 weeks ago
Permalink CVE-2026-32275
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @mweinelt ignored
    5 packages
    • python312Packages.pytautulli
    • python313Packages.pytautulli
    • python314Packages.pytautulli
    • home-assistant-component-tests.tautulli
    • tests.home-assistant-component-tests.tautulli
    2 months, 3 weeks ago
  • @mweinelt accepted 2 months, 3 weeks ago
  • @mweinelt published on GitHub 2 months, 3 weeks ago
Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0.

Affected products

Tautulli
  • ==>= 1.3.10, < 2.17.0

Matching in nixpkgs

pkgs.tautulli

Python based monitoring and tracking tool for Plex Media Server

Ignored packages (5)

Package maintainers

https://github.com/Tautulli/Tautulli/security/advisories/GHSA-95mg-wpqw-9qxh