Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: dragonflydb

Found 2 matching suggestions

Permalink CVE-2026-24825
created 2 weeks, 1 day ago
a memory leak in ydb-platform/ydb with use of yajl_tree_parse function from src/yail module, which will cause out-of-memory in server and cause crash.

Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C. This issue affects ydb: through 24.4.4.2.

Affected products

ydb
  • =<24.4.4.2

Matching in nixpkgs

pkgs.pgcopydb

Copy a Postgres database to a target Postgres server (pg_dump | pg_restore on steroids

Permalink CVE-2026-24124
created 2 weeks, 6 days ago
Dragonfly Manager Job API Allows Unauthenticated Access

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with access to the Manager API to view, update and delete jobs. The issue is fixed in version 2.4.1-rc.1.

Affected products

dragonfly
  • ==< 2.4.1-rc.1

Matching in nixpkgs

Package maintainers