Nixpkgs security tracker

Login with GitHub

Suggestions search

Published

Filter by:

With package: pkgsRocm.python3Packages.beets

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-42052

updated an hour ago by @LeSuisse Activity log

Created suggestion 1 day, 6 hours ago
@LeSuisse ignored
9 packages
- python312Packages.beets-audible
- python312Packages.beets-minimal
- python313Packages.beets-audible
- python313Packages.beets-minimal
- python314Packages.beets-audible
- python312Packages.beets-alternatives
- python314Packages.beets-alternatives
- python313Packages.beets-alternatives
- pkgsRocm.python3Packages.beets-audible
an hour ago
@LeSuisse restored
2 packages
- python312Packages.beets-minimal
- python313Packages.beets-minimal
an hour ago
@LeSuisse accepted an hour ago
@LeSuisse published on GitHub an hour ago

beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ... %> is raw insertion and HTML escaping is only performed by <%- ... %>. Rendered output is then inserted with .html(...), allowing attacker-controlled markup to become active DOM. This issue has been patched in version 2.10.0.

References

https://github.com/beetbox/beets/security/advisories/GHSA-3gxm-wfjx-m847 x_refsource_CONFIRM
https://github.com/beetbox/beets/releases/tag/v2.10.0 x_refsource_MISC

Affected products

beets

==< 2.10.0

Matching in nixpkgs

pkgs.beets

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0
nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.beets-minimal

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0
nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.pkgsRocm.beets

Music tagger and library organizer

nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python312Packages.beets

Music tagger and library organizer

nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python313Packages.beets

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0
nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python314Packages.beets

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

pkgs.pkgsRocm.python3Packages.beets

Music tagger and library organizer

nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python312Packages.beets-minimal

Music tagger and library organizer

nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python313Packages.beets-minimal

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0
nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python314Packages.beets-minimal

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

Ignored packages (7)

pkgs.python312Packages.beets-audible

Beets-audible: Organize Your Audiobook Collection With Beets

nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.python313Packages.beets-audible

Beets-audible: Organize Your Audiobook Collection With Beets

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.python314Packages.beets-audible

Beets-audible: Organize Your Audiobook Collection With Beets

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0

pkgs.python312Packages.beets-alternatives

Beets plugin to manage external files

nixos-25.11 0.13.4
- nixos-25.11-small 0.13.4
- nixpkgs-25.11-darwin 0.13.4

pkgs.python313Packages.beets-alternatives

Beets plugin to manage external files

nixos-unstable 0.14.0
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0
nixos-25.11 0.13.4
- nixos-25.11-small 0.13.4
- nixpkgs-25.11-darwin 0.13.4

pkgs.python314Packages.beets-alternatives

Beets plugin to manage external files

nixos-unstable 0.14.0
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0

pkgs.pkgsRocm.python3Packages.beets-audible

Beets-audible: Organize Your Audiobook Collection With Beets

nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

Package maintainers

@pjones Peter Jones <pjones@devalot.com>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@doronbehar Doron Behar <me@doronbehar.com>
@astratagem Chris Montgomery <chmont@protonmail.com>

1