Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: lesspipe

Found 4 matching suggestions

View:
Compact
Detailed
Dismissed
(not in Nixpkgs)
Permalink CVE-2026-48832
3.5 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated an hour ago by @LeSuisse Activity log
  • Created suggestion 1 day, 8 hours ago
  • @LeSuisse dismissed (not in Nixpkgs) an hour ago
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to …

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.

Affected products

SPIP
  • <4.4.15

Matching in nixpkgs

pkgs.spiped

Utility for secure encrypted channels between sockets

pkgs.aespipe

AES encrypting or decrypting pipe

  • nixos-unstable 2.4j
    • nixpkgs-unstable 2.4j
    • nixos-unstable-small 2.4j
  • nixos-25.11 2.4j
    • nixos-25.11-small 2.4j
    • nixpkgs-25.11-darwin 2.4j

pkgs.lesspipe

Preprocessor for less

  • nixos-unstable 2.20
    • nixpkgs-unstable 2.20
    • nixos-unstable-small 2.20
  • nixos-25.11 2.20
    • nixos-25.11-small 2.20
    • nixpkgs-25.11-darwin 2.20

pkgs.crosspipe

PipeWire graph GTK4/Libadwaita GUI

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-8429
8.7 HIGH
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): None (N)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): High (H)
  • Vulnerable System Impact Integrity (VI): High (H)
  • Vulnerable System Impact Availability (VA): High (H)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): None (N)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): High (H)
  • Modified Vulnerable System Impact Integrity (MVI): High (H)
  • Modified Vulnerable System Impact Availability (MVA): High (H)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
  • Exploit Maturity (E): Not Defined (X)
updated 1 week, 6 days ago by @LeSuisse Activity log
  • Created suggestion 1 week, 6 days ago
  • @LeSuisse dismissed (not in Nixpkgs) 1 week, 6 days ago
SPIP < 4.4.14 Remote Code Execution via Private Space

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.

Affected products

SPIP
  • <4.4.14

Matching in nixpkgs

pkgs.spiped

Utility for secure encrypted channels between sockets

pkgs.aespipe

AES encrypting or decrypting pipe

  • nixos-unstable 2.4j
    • nixpkgs-unstable 2.4j
    • nixos-unstable-small 2.4j
  • nixos-25.11 2.4j
    • nixos-25.11-small 2.4j
    • nixpkgs-25.11-darwin 2.4j

pkgs.lesspipe

Preprocessor for less

  • nixos-unstable 2.20
    • nixpkgs-unstable 2.20
    • nixos-unstable-small 2.20
  • nixos-25.11 2.20
    • nixos-25.11-small 2.20
    • nixpkgs-25.11-darwin 2.20

pkgs.crosspipe

PipeWire graph GTK4/Libadwaita GUI

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-8430
9.2 CRITICAL
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Attack Requirement (AT): Present (P)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): High (H)
  • Vulnerable System Impact Integrity (VI): High (H)
  • Vulnerable System Impact Availability (VA): High (H)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Attack Requirement (MAT): Present (P)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): High (H)
  • Modified Vulnerable System Impact Integrity (MVI): High (H)
  • Modified Vulnerable System Impact Availability (MVA): High (H)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
  • Exploit Maturity (E): Not Defined (X)
updated 1 week, 6 days ago by @LeSuisse Activity log
  • Created suggestion 1 week, 6 days ago
  • @LeSuisse dismissed (not in Nixpkgs) 1 week, 6 days ago
SPIP < 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuration scenarios to achieve code execution, and this issue is not mitigated by the SPIP security screen.

Affected products

SPIP
  • <4.4.14

Matching in nixpkgs

pkgs.spiped

Utility for secure encrypted channels between sockets

pkgs.aespipe

AES encrypting or decrypting pipe

  • nixos-unstable 2.4j
    • nixpkgs-unstable 2.4j
    • nixos-unstable-small 2.4j
  • nixos-25.11 2.4j
    • nixos-25.11-small 2.4j
    • nixpkgs-25.11-darwin 2.4j

pkgs.lesspipe

Preprocessor for less

  • nixos-unstable 2.20
    • nixpkgs-unstable 2.20
    • nixos-unstable-small 2.20
  • nixos-25.11 2.20
    • nixos-25.11-small 2.20
    • nixpkgs-25.11-darwin 2.20

pkgs.crosspipe

PipeWire graph GTK4/Libadwaita GUI

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-33549
6.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): Low (L)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 months ago
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment …

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.

Affected products

SPIP
  • <4.4.13

Matching in nixpkgs

pkgs.spiped

Utility for secure encrypted channels between sockets

pkgs.aespipe

AES encrypting or decrypting pipe

  • nixos-unstable 2.4j
    • nixpkgs-unstable 2.4j
    • nixos-unstable-small 2.4j
  • nixos-25.11 2.4j
    • nixos-25.11-small 2.4j
    • nixpkgs-25.11-darwin 2.4j

pkgs.lesspipe

Preprocessor for less

  • nixos-unstable 2.20
    • nixpkgs-unstable 2.20
    • nixos-unstable-small 2.20
  • nixos-25.11 2.20
    • nixos-25.11-small 2.20
    • nixpkgs-25.11-darwin 2.20

pkgs.crosspipe

PipeWire graph GTK4/Libadwaita GUI

Package maintainers