Nixpkgs security tracker
5.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
@astrojs/node: Cache Poisoning due to incorrect error handling when if-match header is malformed
@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from _astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all subsequent requests to that file, regardless of if-match header will be served a 5xx error instead of the file until the cache expires. This vulnerability is fixed in 10.0.5.
References
-
https://github.com/withastro/astro/security/advisories/GHSA-c57f-mm3j-27q9 x_refsource_CONFIRM
Affected products
- ==< 10.0.5
Matching in nixpkgs
pkgs.astroid
GTK frontend to the notmuch mail system
pkgs.astrolog
Freeware astrology program
pkgs.gnuastro
GNU astronomy utilities and library
pkgs.astroterm
Celestial viewer for the terminal, written in C
pkgs.astronomer
Tool to detect illegitimate stars from bot accounts on GitHub projects
pkgs.astromenace
Hardcore 3D space shooter with spaceship upgrade possibilities
pkgs.sddm-astronaut
Modern looking qt6 sddm theme
-
nixos-unstable 1.0-unstable-2025-01-05
- nixpkgs-unstable 1.0-unstable-2025-01-05
- nixos-unstable-small 0-unstable-2025-12-06
-
nixos-25.11 1.0-unstable-2025-01-05
- nixos-25.11-small 1.0-unstable-2025-01-05
- nixpkgs-25.11-darwin 1.0-unstable-2025-01-05
pkgs.astrolabe-generator
Java-based tool for generating EPS files for constructing astrolabes and related tools
pkgs.astro-language-server
Astro language server
pkgs.python312Packages.astroid
Abstract syntax tree for Python with inference support
pkgs.python312Packages.astropy
Astronomy/Astrophysics library for Python
pkgs.python313Packages.astroid
Abstract syntax tree for Python with inference support
pkgs.python313Packages.astropy
Astronomy/Astrophysics library for Python
pkgs.python314Packages.astroid
Abstract syntax tree for Python with inference support
pkgs.python314Packages.astropy
Astronomy/Astrophysics library for Python
pkgs.indi-3rdparty.indi-astroasis
Third party drivers for the INDI astronomical software suite
-
nixos-unstable 3rdparty-indi-astroasis-2.2.0
- nixpkgs-unstable 3rdparty-indi-astroasis-2.2.0
- nixos-unstable-small 3rdparty-indi-astroasis-2.2.0
-
nixos-25.11 3rdparty-indi-astroasis-2.1.6.2
- nixos-25.11-small 3rdparty-indi-astroasis-2.1.6.2
- nixpkgs-25.11-darwin 3rdparty-indi-astroasis-2.1.6.2
pkgs.perlPackages.AstroFITSHeader
Object-oriented interface to FITS HDUs
pkgs.python312Packages.astroquery
Functions and classes to access online data resources
pkgs.python313Packages.astroquery
Functions and classes to access online data resources
pkgs.python314Packages.astroquery
Functions and classes to access online data resources
pkgs.perl5Packages.AstroFITSHeader
Object-oriented interface to FITS HDUs
pkgs.python312Packages.asdf-astropy
Extension library for ASDF to provide support for Astropy
pkgs.python313Packages.asdf-astropy
Extension library for ASDF to provide support for Astropy
pkgs.python314Packages.asdf-astropy
Extension library for ASDF to provide support for Astropy
pkgs.azure-cli-extensions.astronomer
Microsoft Azure Command-Line Tools Astronomer Extension
pkgs.perl538Packages.AstroFITSHeader
Object-oriented interface to FITS HDUs
pkgs.perl540Packages.AstroFITSHeader
Object-oriented interface to FITS HDUs
pkgs.python312Packages.pytest-astropy
Meta-package containing dependencies for testing
pkgs.python313Packages.pytest-astropy
Meta-package containing dependencies for testing
pkgs.python314Packages.pytest-astropy
Meta-package containing dependencies for testing
pkgs.python312Packages.astropy-healpix
BSD-licensed HEALPix for Astropy
pkgs.python312Packages.astropy-helpers
Utilities for building and installing Astropy, Astropy affiliated packages, and their respective documentation
pkgs.python313Packages.astropy-healpix
BSD-licensed HEALPix for Astropy
pkgs.python313Packages.astropy-helpers
Utilities for building and installing Astropy, Astropy affiliated packages, and their respective documentation
pkgs.python314Packages.astropy-healpix
BSD-licensed HEALPix for Astropy
pkgs.python314Packages.astropy-helpers
Utilities for building and installing Astropy, Astropy affiliated packages, and their respective documentation
pkgs.python312Packages.astropy-iers-data
IERS data maintained by @astrofrog and astropy.utils.iers maintainers
-
nixos-25.11 0.2025.8.4.0.42.59
- nixos-25.11-small 0.2025.8.4.0.42.59
- nixpkgs-25.11-darwin 0.2025.8.4.0.42.59
pkgs.python313Packages.astropy-iers-data
IERS data maintained by @astrofrog and astropy.utils.iers maintainers
-
nixos-unstable 0.2026.1.19.0.42.31
- nixpkgs-unstable 0.2026.1.19.0.42.31
- nixos-unstable-small 0.2026.1.19.0.42.31
-
nixos-25.11 0.2025.8.4.0.42.59
- nixos-25.11-small 0.2025.8.4.0.42.59
- nixpkgs-25.11-darwin 0.2025.8.4.0.42.59
pkgs.python314Packages.astropy-iers-data
IERS data maintained by @astrofrog and astropy.utils.iers maintainers
-
nixos-unstable 0.2026.1.19.0.42.31
- nixpkgs-unstable 0.2026.1.19.0.42.31
- nixos-unstable-small 0.2026.1.19.0.42.31
pkgs.tree-sitter-grammars.tree-sitter-astro
Tree-sitter grammar for astro
-
nixos-unstable 0-unstable-2025-04-23
- nixpkgs-unstable 0-unstable-2025-04-23
- nixos-unstable-small 0-unstable-2025-04-23
pkgs.python312Packages.pytest-astropy-header
Plugin to add diagnostic information to the header of the test output
pkgs.python313Packages.pytest-astropy-header
Plugin to add diagnostic information to the header of the test output
pkgs.python314Packages.pytest-astropy-header
Plugin to add diagnostic information to the header of the test output
pkgs.vimPlugins.nvim-treesitter-parsers.astro
Tree-sitter grammar for astro
-
nixos-unstable 0.0.0+rev=213f6e6
- nixpkgs-unstable 0.0.0+rev=213f6e6
- nixos-unstable-small 0.0.0+rev=213f6e6
pkgs.vscode-extensions.astro-build.astro-vscode
Astro language support for VS Code
pkgs.python313Packages.tree-sitter-grammars.tree-sitter-astro
Python bindings for tree-sitter-astro
-
nixos-unstable 0+unstable20250423
- nixpkgs-unstable 0+unstable20250423
- nixos-unstable-small 0+unstable20250423
pkgs.python314Packages.tree-sitter-grammars.tree-sitter-astro
Python bindings for tree-sitter-astro
-
nixos-unstable 0+unstable20250423
- nixpkgs-unstable 0+unstable20250423
- nixos-unstable-small 0+unstable20250423
Package maintainers
-
@god464 god464
-
@MiniHarinn Harinn <prinn.dev@pm.me>
-
@SuprDewd Bjarki Ágúst Guðmundsson <suprdewd@gmail.com>
-
@bdimcheff Brandon Dimcheff <brandon@dimcheff.com>
-
@kmein Kierán Meinhardt <kmein@posteo.de>
-
@fgaz Francesco Gazzetta <fgaz@fgaz.me>
-
@da-luce Dalton Luce <daltonluce42@gmail.com>
-
@katexochen Paul Meyer <katexochen0@gmail.com>
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>
-
@returntoreality Linus Karl <linus@lotz.li>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
-
@KentJames James Kent <jameschristopherkent@gmail.com>
-
@doronbehar Doron Behar <me@doronbehar.com>
-
@smaret Sébastien Maret <sebastien.maret@icloud.com>
-
@stepbrobd Yifei Sun <ysun@hey.com>
-
@adfaure Adrien Faure <adfaure@pm.me>
-
@mightyiam Shahar "Dawn" Or <mightyiampresence@gmail.com>
-
@A-jay98 Ali Jamadi <ali@jamadi.me>
-
@uxodb uxodb
-
@DaniD3v DaniD3v <sch220233@spengergasse.at>
-
@aciceri Andrea Ciceri <andrea.ciceri@autistici.org>