Nixpkgs Security Tracker

Suggestions search

With package: hedgedoc

Found 2 matching suggestions

Published
updated 5 days ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed package hedgedoc-cli
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
HedgeDoc security headers for uploaded files were not working

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.6, files served below the /uploads/ endpoint did not use a stricter security policy. This resulted in an overly permissive Content-Security-Policy and also made it possible to host malicious interactive web content (such as fake login forms) using SVG files. This vulnerability is fixed in 1.10.6.

Affected products

hedgedoc
  • ==< 1.10.6

Matching in nixpkgs

Ignored packages (1)

Package maintainers

Upstream advisory: https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-x74j-jmf9-534w
Upstream fix: https://github.com/hedgedoc/hedgedoc/commit/b930fe04cee92cd4723044030bb59c36781c7137, https://github.com/hedgedoc/hedgedoc/commit/74daa0e7a1cbfafd9aeb255eaf064dfe47cd401c
Untriaged
created 4 months, 3 weeks ago
WordPress Edge theme <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS. This issue affects Edge: from n/a through 2.0.9.

Affected products

edge
  • =<2.0.9

Matching in nixpkgs

pkgs.edgetx

EdgeTX Companion transmitter support software

  • nixos-unstable -

pkgs.ledger

Double-entry accounting system with a command-line reporting interface

  • nixos-unstable -

pkgs.hledger

Command-line interface for the hledger accounting system

  • nixos-unstable -

pkgs.hedgedoc

Realtime collaborative markdown notes on all platforms

  • nixos-unstable -

pkgs.wasmedge

Lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications

  • nixos-unstable -

pkgs.hedgewars

Funny turn-based artillery game, featuring fighting hedgehogs

  • nixos-unstable -

pkgs.hledger-ui

Terminal interface for the hledger accounting system

  • nixos-unstable -

pkgs.ledger-web

Web frontend to the Ledger CLI tool

  • nixos-unstable -

pkgs.hledger-web

Web user interface for the hledger accounting system

  • nixos-unstable -

pkgs.hledger-iadd

A terminal UI as drop-in replacement for hledger add

  • nixos-unstable -

pkgs.linkerd_edge

Simple Kubernetes service mesh that improves security, observability and reliability

  • nixos-unstable -

pkgs.msedgedriver

WebDriver implementation that controls an Edge browser running on the local machine

pkgs.edgetpu-compiler

Command line tool that compiles a TensorFlow Lite model into an Edge TPU compatible file

  • nixos-unstable -

pkgs.gnomeExtensions.hot-edge

Add a hot edge that activates the overview to the bottom of the screen. This provides a better mouse-based workflow and can be an alternative to a dock.

  • nixos-unstable -
    • nixpkgs-unstable 26

pkgs.python312Packages.ledgercomm

Python library to send and receive APDU through HID or TCP socket. It can be used with a Ledger Nano S/X or with the Speculos emulator

  • nixos-unstable -

pkgs.python313Packages.ledgercomm

Python library to send and receive APDU through HID or TCP socket. It can be used with a Ledger Nano S/X or with the Speculos emulator

  • nixos-unstable -

Package maintainers