Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: perlPackages.MathPrimeUtil

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2025-15550
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 3 weeks ago
birkir prime <= 0.4.0.beta.0 - Cross-Site Request Forgery in GraphQL

birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query parameters.

References

Affected products

prime
  • =<0.4.0.beta.0

Matching in nixpkgs

pkgs.prime-server

Non-blocking (web)server API for distributed computing and SOA based on zeromq

Package maintainers

Dismissed
Permalink CVE-2026-1170
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
updated 2 months ago by @mweinelt Activity log
  • Created automatic suggestion 2 months ago
  • @mweinelt dismissed 2 months ago
birkir prime GraphQL API graphql information disclosure

A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected products

prime
  • ==0.4.0.beta

Matching in nixpkgs

pkgs.prime-server

Non-blocking (web)server API for distributed computing and SOA based on zeromq

Package maintainers

Not packaged