Nixpkgs security tracker
Published
Permalink
CVE-2026-25847
8.2 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): LOW
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter …
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
Affected products
PyCharm
- <2025.3.2
Matching in nixpkgs
pkgs.jetbrains.pycharm
Python IDE from JetBrains
pkgs.jetbrains.pycharm-oss
Free Python IDE from JetBrains (built from source)
-
nixos-unstable 2025.3.1.1
- nixpkgs-unstable 2025.3.1.1
- nixos-unstable-small 2025.3.1.1
pkgs.jetbrains.pycharm-community
Free Python IDE from JetBrains (patched binaries from jetbrains)
pkgs.jetbrains.pycharm-professional
Paid-for Python IDE from JetBrains
pkgs.jetbrains.pycharm-community-bin
Free Python IDE from JetBrains (patched binaries from jetbrains)
pkgs.jetbrains.pycharm-community-src
Free Python IDE from JetBrains (built from source)
Package maintainers
-
@tymscar Oscar Molnar <oscar@tymscar.com>
-
@leona-ya Leona Maroni <nix@leona.is>
-
@theCapypara Marco Köpcke <hello@capypara.de>
-
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
-
@thiagokokada Thiago K. Okada <thiagokokada@gmail.com>
-
@GenericNerdyUsername GenericNerdyUsername <genericnerdyusername@proton.me>
-
@jamesward James Ward <james@jamesward.com>