Suggestions search

All statuses

Filter by:

With package: outline

Found 3 matching suggestions

Published

Permalink CVE-2026-25062

updated 3 weeks, 1 day ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 4 days ago
@LeSuisse removed
15 packages
- go-outline
- mdbook-pdf-outline
- python312Packages.outlines
- python313Packages.outlines
- typstPackages.suboutline_0_1_0
- typstPackages.suboutline_0_2_0
- typstPackages.suboutline_0_3_0
- mplus-outline-fonts.osdnRelease
- python312Packages.outlines-core
- python313Packages.outlines-core
- python314Packages.outlines-core
- mplus-outline-fonts.githubRelease
- pkgsRocm.python3Packages.outlines
- typstPackages.outline-summaryst_0_1_0
- pkgsRocm.python3Packages.outlines-core
3 weeks, 1 day ago
@LeSuisse accepted 3 weeks, 1 day ago
@LeSuisse published on GitHub 3 weeks, 1 day ago

Outline Affected an Arbitrary File Read via Path Traversal in JSON Import

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal sequences such as ../ or absolute paths, an attacker can read arbitrary files on the server and import them as attachments. This vulnerability is fixed in 1.4.0.

References

https://github.com/outline/outline/security/advisories/GHSA-7r4f-3wjv-83xf x_refsource_CONFIRM
https://github.com/outline/outline/releases/tag/v1.4.0 x_refsource_MISC

Affected products

outline

==< 1.4.0

Matching in nixpkgs

pkgs.outline

Fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible

nixos-unstable 1.4.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

Package maintainers

@cab404 Vladimir Serov <cab404@mailbox.org>
@xanderio Alexander Sieg <alex@xanderio.de>
@yrd Yannik Rödel <nix@yannik.info>
@blitz Julian Stecklina <js@alien8.de>
@snue Stefan Nuernberger <kabelfrickler@gmail.com>

Upstream advisory: https://github.com/outline/outline/security/advisories/GHSA-7r4f-3wjv-83xf

Dismissed

Permalink CVE-2025-64487

updated 3 weeks, 1 day ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 4 days ago
@LeSuisse removed
15 packages
- go-outline
- mdbook-pdf-outline
- python312Packages.outlines
- typstPackages.suboutline_0_1_0
- typstPackages.suboutline_0_2_0
- python313Packages.outlines
- typstPackages.suboutline_0_3_0
- mplus-outline-fonts.osdnRelease
- python312Packages.outlines-core
- python313Packages.outlines-core
- python314Packages.outlines-core
- mplus-outline-fonts.githubRelease
- pkgsRocm.python3Packages.outlines
- typstPackages.outline-summaryst_0_1_0
- pkgsRocm.python3Packages.outlines-core
3 weeks, 1 day ago
@LeSuisse dismissed 3 weeks, 1 day ago

Outline is vulnerable to privilege escalation vulnerability in document sharing

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.

References

https://github.com/outline/outline/security/advisories/GHSA-c8xf-3j86-7686 x_refsource_CONFIRM
https://github.com/outline/outline/releases/tag/v1.1.0 x_refsource_MISC

Affected products

outline

==<= 1.0.1

Matching in nixpkgs

pkgs.outline

Fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible

nixos-unstable 1.4.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

Package maintainers

@cab404 Vladimir Serov <cab404@mailbox.org>
@xanderio Alexander Sieg <alex@xanderio.de>
@yrd Yannik Rödel <nix@yannik.info>
@blitz Julian Stecklina <js@alien8.de>
@snue Stefan Nuernberger <kabelfrickler@gmail.com>

Current stable was never impacted

https://github.com/NixOS/nixpkgs/commit/b70998bdd58763d21cc7c31265b8c7cdd069d29f

Dismissed

Permalink CVE-2025-68663

updated 3 weeks, 1 day ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 4 days ago
@LeSuisse removed
15 packages
- python313Packages.outlines
- typstPackages.suboutline_0_1_0
- typstPackages.suboutline_0_2_0
- typstPackages.suboutline_0_3_0
- mplus-outline-fonts.osdnRelease
- python312Packages.outlines-core
- python313Packages.outlines-core
- python314Packages.outlines-core
- mplus-outline-fonts.githubRelease
- pkgsRocm.python3Packages.outlines
- python312Packages.outlines
- typstPackages.outline-summaryst_0_1_0
- mdbook-pdf-outline
- pkgsRocm.python3Packages.outlines-core
- go-outline
3 weeks, 1 day ago
@LeSuisse dismissed 3 weeks, 1 day ago

Outline has a suspended user authentication bypass via WebSocket connections

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates after their account has been suspended. This vulnerability is fixed in 1.1.0.

References

https://github.com/outline/outline/security/advisories/GHSA-mx2c-3g2x-5m9m x_refsource_CONFIRM
https://github.com/outline/outline/releases/tag/v1.1.0 x_refsource_MISC
https://github.com/outline/outline/releases/tag/v1.1.0 x_refsource_MISC
https://github.com/outline/outline/security/advisories/GHSA-mx2c-3g2x-5m9m x_refsource_CONFIRM

Affected products

outline

==< 1.1.0

Matching in nixpkgs

pkgs.outline

Fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible

nixos-unstable 1.4.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

Package maintainers

@cab404 Vladimir Serov <cab404@mailbox.org>
@xanderio Alexander Sieg <alex@xanderio.de>
@yrd Yannik Rödel <nix@yannik.info>
@blitz Julian Stecklina <js@alien8.de>
@snue Stefan Nuernberger <kabelfrickler@gmail.com>

Current stable branch was never impacted https://github.com/NixOS/nixpkgs/commit/b70998bdd58763d21cc7c31265b8c7cdd069d29f