Nixpkgs Security Tracker

Permalink CVE-2026-24474

created 2 weeks, 5 days ago

Dioxus Components has JavaScript injection via user-supplied IDs

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue.

Affected products

components

==< 41e4242ecb1062d04ae42a5215363c1d9fd4e23a

Matching in nixpkgs

pkgs.lomiri.lomiri-settings-components

QML settings components for the Lomiri Desktop Environment

nixos-unstable 1.1.3
- nixpkgs-unstable 1.1.3
- nixos-unstable-small 1.1.3
nixos-25.05 1.1.2
- nixos-25.05-small 1.1.2
- nixpkgs-25.05-darwin 1.1.2

pkgs.python312Packages.dash-core-components

Dash component starter pack

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.05 2.0.0
- nixos-25.05-small 2.0.0
- nixpkgs-25.05-darwin 2.0.0

pkgs.python312Packages.dash-html-components

HTML components for Dash

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.05 2.0.0
- nixos-25.05-small 2.0.0
- nixpkgs-25.05-darwin 2.0.0

pkgs.python313Packages.dash-core-components

Dash component starter pack

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.05 2.0.0
- nixos-25.05-small 2.0.0
- nixpkgs-25.05-darwin 2.0.0

pkgs.python313Packages.dash-html-components

HTML components for Dash

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.05 2.0.0
- nixos-25.05-small 2.0.0
- nixpkgs-25.05-darwin 2.0.0

pkgs.python312Packages.connected-components-3d

Connected components on discrete and continuous multilabel 3D & 2D images

nixos-unstable 3d-3.22.0
- nixpkgs-unstable 3d-3.22.0
- nixos-unstable-small 3d-3.22.0
nixos-25.05 3d-3.22.0
- nixos-25.05-small 3d-3.22.0
- nixpkgs-25.05-darwin 3d-3.22.0

pkgs.python313Packages.connected-components-3d

Connected components on discrete and continuous multilabel 3D & 2D images

nixos-unstable 3d-3.22.0
- nixpkgs-unstable 3d-3.22.0
- nixos-unstable-small 3d-3.22.0
nixos-25.05 3d-3.22.0
- nixos-25.05-small 3d-3.22.0
- nixpkgs-25.05-darwin 3d-3.22.0

pkgs.python312Packages.dash-bootstrap-components

Bootstrap components for Plotly Dash

nixos-unstable 2.0.4
- nixpkgs-unstable 2.0.4
- nixos-unstable-small 2.0.4
nixos-25.05 2.0.2
- nixos-25.05-small 2.0.2
- nixpkgs-25.05-darwin 2.0.2

pkgs.python313Packages.dash-bootstrap-components