Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-39408

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created suggestion 1 month, 2 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 1 month, 2 weeks ago

Hono has a path traversal in toSSG() allows writing files outside the output directory

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG() allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially crafted values can cause generated file paths to escape the intended output directory. This vulnerability is fixed in 4.12.12.

References

https://github.com/honojs/hono/security/advisories/GHSA-xf4j-xp2r-rqqx x_refsource_CONFIRM
https://github.com/honojs/hono/commit/b470278920fffcfd6d76002755d6db53db827679 x_refsource_MISC
https://github.com/honojs/hono/releases/tag/v4.12.12 x_refsource_MISC

Affected products

hono

==< 4.12.12

Matching in nixpkgs

pkgs.libsForQt5.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1
nixos-25.11 4.11.1
- nixos-25.11-small 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.kdePackages.phonon

Multi-platform sound framework for application developers

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0
nixos-25.11 4.12.0
- nixos-25.11-small 4.12.0
- nixpkgs-25.11-darwin 4.12.0

pkgs.kdePackages.phonon-vlc

VLC backend for the Phonon multimedia library

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0
nixos-25.11 0.12.0
- nixos-25.11-small 0.12.0
- nixpkgs-25.11-darwin 0.12.0

pkgs.plasma5Packages.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1
nixos-25.11 4.11.1
- nixos-25.11-small 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.typstPackages.phonokit

A toolkit to create phonological representations

nixos-unstable 0.5.4
- nixpkgs-unstable 0.5.4
- nixos-unstable-small 0.5.4

pkgs.python312Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-25.11 2.43.2
- nixos-25.11-small 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.python313Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.43.2
- nixos-25.11-small 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.python314Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1

pkgs.typstPackages.phonokit_0_0_1

Phonology toolkit: IPA transcription (tipa-style), prosodic structures, vowel/consonant charts with language inventories

nixos-unstable 0.0.1
- nixpkgs-unstable 0.0.1
- nixos-unstable-small 0.0.1

pkgs.typstPackages.phonokit_0_2_0

Create phonological representations

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.typstPackages.phonokit_0_3_0

A toolkit to create phonological representations

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0

pkgs.typstPackages.phonokit_0_3_5

A toolkit to create phonological representations

nixos-unstable 0.3.5
- nixpkgs-unstable 0.3.5
- nixos-unstable-small 0.3.5

pkgs.typstPackages.phonokit_0_3_6

A toolkit to create phonological representations

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6

pkgs.typstPackages.phonokit_0_3_7

A toolkit to create phonological representations

nixos-unstable 0.3.7
- nixpkgs-unstable 0.3.7
- nixos-unstable-small 0.3.7

pkgs.typstPackages.phonokit_0_4_0

A toolkit to create phonological representations

nixos-unstable 0.4.0
- nixpkgs-unstable 0.4.0
- nixos-unstable-small 0.4.0

pkgs.typstPackages.phonokit_0_4_1

A toolkit to create phonological representations

nixos-unstable 0.4.1
- nixpkgs-unstable 0.4.1
- nixos-unstable-small 0.4.1

pkgs.typstPackages.phonokit_0_4_5

A toolkit to create phonological representations

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5

pkgs.typstPackages.phonokit_0_4_6

A toolkit to create phonological representations

nixos-unstable 0.4.6
- nixpkgs-unstable 0.4.6
- nixos-unstable-small 0.4.6

pkgs.typstPackages.phonokit_0_5_0

A toolkit to create phonological representations

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0

pkgs.typstPackages.phonokit_0_5_1

A toolkit to create phonological representations

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1

pkgs.typstPackages.phonokit_0_5_2

A toolkit to create phonological representations

nixos-unstable 0.5.2
- nixpkgs-unstable 0.5.2
- nixos-unstable-small 0.5.2

pkgs.typstPackages.phonokit_0_5_3

A toolkit to create phonological representations

nixos-unstable 0.5.3
- nixpkgs-unstable 0.5.3
- nixos-unstable-small 0.5.3

pkgs.typstPackages.phonokit_0_5_4

A toolkit to create phonological representations

nixos-unstable 0.5.4
- nixpkgs-unstable 0.5.4
- nixos-unstable-small 0.5.4

pkgs.libsForQt5.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.11.3
- nixos-25.11-small 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.python312Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-25.11 7.8.1.1
- nixos-25.11-small 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.python313Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
nixos-25.11 7.8.1.1
- nixos-25.11-small 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.python314Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31

pkgs.plasma5Packages.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.11.3
- nixos-25.11-small 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.libsForQt5.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.10.0
- nixos-25.11-small 4.10.0
- nixpkgs-25.11-darwin 4.10.0

pkgs.plasma5Packages.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.10.0
- nixos-25.11-small 4.10.0
- nixpkgs-25.11-darwin 4.10.0

Package maintainers

@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@FRidh Frederik Rietdijk <fridh@fridh.nl>
@NickCao Nick Cao <nickcao@nichi.co>
@K900 Ilya K. <me@0upti.me>
@bkchr Bastian Köcher <nixos@kchr.de>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@PsyanticY Psyanticy <iuns@outlook.fr>
@CHN-beta Haonan Chen <chn@chn.moe>
@cherrypiejam Gongqi Huang
@RossSmyth Ross Smyth