Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: pynitrokey

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-44373
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 1 day, 20 hours ago Activity log
  • Created suggestion 1 day, 20 hours ago
Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta.

Affected products

nitro
  • ==< 3.0.260429-beta
nitropack
  • ==< 2.13.4

Matching in nixpkgs

pkgs.nitrocli

Command line tool for interacting with Nitrokey devices

pkgs.nitrogen

Wallpaper browser and setter for X11

pkgs.libnitrokey

Communicate with Nitrokey devices in a clean and easy manner

  • nixos-unstable 3.8
    • nixpkgs-unstable 3.8
    • nixos-unstable-small 3.8
  • nixos-25.11 3.8
    • nixos-25.11-small 3.8
    • nixpkgs-25.11-darwin 3.8

pkgs.nitrokey-app

Provides extra functionality for the Nitrokey Pro and Storage

pkgs.nitrotpm-tools

Collection of utilities for working with NitroTPM attestation

pkgs.nitrokey-start-firmware

Firmware for the Nitrokey Start device

  • nixos-unstable 13
    • nixpkgs-unstable 13
    • nixos-unstable-small 13
  • nixos-25.11 13
    • nixos-25.11-small 13
    • nixpkgs-25.11-darwin 13

Package maintainers

Untriaged
Permalink CVE-2026-44372
5.3 MEDIUM
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): None (N)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Passive (P)
  • Vulnerable System Impact Confidentiality (VC): None (N)
  • Vulnerable System Impact Integrity (VI): None (N)
  • Vulnerable System Impact Availability (VA): None (N)
  • Subsequent System Impact Confidentiality (SC): Low (L)
  • Subsequent System Impact Integrity (SI): Low (L)
  • Subsequent System Impact Availability (SA): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): None (N)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Passive (P)
  • Modified Vulnerable System Impact Confidentiality (MVC): None (N)
  • Modified Vulnerable System Impact Integrity (MVI): None (N)
  • Modified Vulnerable System Impact Availability (MVA): None (N)
  • Modified Subsequent System Impact Confidentiality (MSC): Low (L)
  • Modified Subsequent System Impact Integrity (MSI): Low (L)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
  • Exploit Maturity (E): Not Defined (X)
created 1 day, 20 hours ago Activity log
  • Created suggestion 1 day, 20 hours ago
Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.

Affected products

nitro
  • ==< 3.0.260429-beta
nitropack
  • ==< 2.13.4

Matching in nixpkgs

pkgs.nitrocli

Command line tool for interacting with Nitrokey devices

pkgs.nitrogen

Wallpaper browser and setter for X11

pkgs.libnitrokey

Communicate with Nitrokey devices in a clean and easy manner

  • nixos-unstable 3.8
    • nixpkgs-unstable 3.8
    • nixos-unstable-small 3.8
  • nixos-25.11 3.8
    • nixos-25.11-small 3.8
    • nixpkgs-25.11-darwin 3.8

pkgs.nitrokey-app

Provides extra functionality for the Nitrokey Pro and Storage

pkgs.nitrotpm-tools

Collection of utilities for working with NitroTPM attestation

pkgs.nitrokey-start-firmware

Firmware for the Nitrokey Start device

  • nixos-unstable 13
    • nixpkgs-unstable 13
    • nixos-unstable-small 13
  • nixos-25.11 13
    • nixos-25.11-small 13
    • nixpkgs-25.11-darwin 13

Package maintainers