Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: python313Packages.astropy-iers-data

Found 5 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-45028
2.9 LOW
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): Present (P)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): None (N)
  • Vulnerable System Impact Integrity (VI): Low (L)
  • Vulnerable System Impact Availability (VA): None (N)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Exploit Maturity (E): POC (P)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): Present (P)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): None (N)
  • Modified Vulnerable System Impact Integrity (MVI): Low (L)
  • Modified Vulnerable System Impact Availability (MVA): None (N)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
created 1 week, 4 days ago Activity log
  • Created suggestion 1 week, 4 days ago
Astro: Server island encrypted parameters vulnerable to cross-component replay

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props (p) value as another component's slots (s) value, or vice versa. Since slots contain raw unescaped HTML while props may contain user-controlled values, this could lead to XSS in applications. This occurs when the application uses server islands, two different server island components share the same key name for a prop and a slot, and an attacker has full control over the value of the overlapping prop (requires a dynamically rendered page). This vulnerability is fixed in 6.1.10.

Affected products

astro
  • ==< 6.1.10

Matching in nixpkgs

pkgs.astroid

GTK frontend to the notmuch mail system

  • nixos-unstable 0.17
    • nixpkgs-unstable 0.17
    • nixos-unstable-small 0.17
  • nixos-25.11 0.17
    • nixos-25.11-small 0.17
    • nixpkgs-25.11-darwin 0.17

pkgs.astrolog

Freeware astrology program

  • nixos-unstable 7.70
    • nixpkgs-unstable 7.70
    • nixos-unstable-small 7.70
  • nixos-25.11 7.70
    • nixos-25.11-small 7.70
    • nixpkgs-25.11-darwin 7.70

pkgs.gnuastro

GNU astronomy utilities and library

  • nixos-unstable 0.24
    • nixpkgs-unstable 0.24
    • nixos-unstable-small 0.24
  • nixos-25.11 0.23
    • nixos-25.11-small 0.23
    • nixpkgs-25.11-darwin 0.23

pkgs.astronomer

Tool to detect illegitimate stars from bot accounts on GitHub projects

pkgs.astromenace

Hardcore 3D space shooter with spaceship upgrade possibilities

pkgs.astrolabe-generator

Java-based tool for generating EPS files for constructing astrolabes and related tools

  • nixos-unstable 3.3
    • nixpkgs-unstable 3.3
    • nixos-unstable-small 3.3
  • nixos-25.11 3.3
    • nixos-25.11-small 3.3
    • nixpkgs-25.11-darwin 3.3

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-41322
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 4 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month ago
  • @LeSuisse dismissed (not in Nixpkgs) 4 weeks ago
@astrojs/node: Cache Poisoning due to incorrect error handling when if-match header is malformed

@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from _astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all subsequent requests to that file, regardless of if-match header will be served a 5xx error instead of the file until the cache expires. This vulnerability is fixed in 10.0.5.

Affected products

astro
  • ==< 10.0.5

Matching in nixpkgs

pkgs.astroid

GTK frontend to the notmuch mail system

  • nixos-unstable 0.17
    • nixpkgs-unstable 0.17
    • nixos-unstable-small 0.17
  • nixos-25.11 0.17
    • nixos-25.11-small 0.17
    • nixpkgs-25.11-darwin 0.17

pkgs.astrolog

Freeware astrology program

  • nixos-unstable 7.70
    • nixpkgs-unstable 7.70
    • nixos-unstable-small 7.70
  • nixos-25.11 7.70
    • nixos-25.11-small 7.70
    • nixpkgs-25.11-darwin 7.70

pkgs.gnuastro

GNU astronomy utilities and library

  • nixos-unstable 0.24
    • nixpkgs-unstable 0.24
    • nixos-unstable-small 0.24
  • nixos-25.11 0.23
    • nixos-25.11-small 0.23
    • nixpkgs-25.11-darwin 0.23

pkgs.astronomer

Tool to detect illegitimate stars from bot accounts on GitHub projects

pkgs.astromenace

Hardcore 3D space shooter with spaceship upgrade possibilities

pkgs.astrolabe-generator

Java-based tool for generating EPS files for constructing astrolabes and related tools

  • nixos-unstable 3.3
    • nixpkgs-unstable 3.3
    • nixos-unstable-small 3.3
  • nixos-25.11 3.3
    • nixos-25.11-small 3.3
    • nixpkgs-25.11-darwin 3.3

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-41067
6.1 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 4 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month ago
  • @LeSuisse dismissed (not in Nixpkgs) 4 weeks ago
Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /<\/script>/g to sanitize values injected into inline <script> tags via the define:vars directive. HTML parsers close <script> elements case-insensitively and also accept whitespace or / before the closing >, allowing an attacker to bypass the sanitization with payloads like </Script>, </script >, or </script/> and inject arbitrary HTML/JavaScript. This vulnerability is fixed in 6.1.6.

Affected products

astro
  • ==< 6.1.6

Matching in nixpkgs

pkgs.astroid

GTK frontend to the notmuch mail system

  • nixos-unstable 0.17
    • nixpkgs-unstable 0.17
    • nixos-unstable-small 0.17
  • nixos-25.11 0.17
    • nixos-25.11-small 0.17
    • nixpkgs-25.11-darwin 0.17

pkgs.astrolog

Freeware astrology program

  • nixos-unstable 7.70
    • nixpkgs-unstable 7.70
    • nixos-unstable-small 7.70
  • nixos-25.11 7.70
    • nixos-25.11-small 7.70
    • nixpkgs-25.11-darwin 7.70

pkgs.gnuastro

GNU astronomy utilities and library

  • nixos-unstable 0.24
    • nixpkgs-unstable 0.24
    • nixos-unstable-small 0.24
  • nixos-25.11 0.23
    • nixos-25.11-small 0.23
    • nixpkgs-25.11-darwin 0.23

pkgs.astronomer

Tool to detect illegitimate stars from bot accounts on GitHub projects

pkgs.astromenace

Hardcore 3D space shooter with spaceship upgrade possibilities

pkgs.astrolabe-generator

Java-based tool for generating EPS files for constructing astrolabes and related tools

  • nixos-unstable 3.3
    • nixpkgs-unstable 3.3
    • nixos-unstable-small 3.3
  • nixos-25.11 3.3
    • nixos-25.11-small 3.3
    • nixpkgs-25.11-darwin 3.3

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-28298
5.9 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Adjacent (A)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 1 month, 4 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 4 weeks ago
  • @LeSuisse dismissed (not in Nixpkgs) 1 month, 4 weeks ago
SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Affected products

2026.1.1
  • ==2026.1.1 and previous versions

Matching in nixpkgs

pkgs.discourse

Open source discussion platform

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2026-28297
6.1 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Adjacent (A)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
created 1 month, 4 weeks ago Activity log
  • Created suggestion 1 month, 4 weeks ago
SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Affected products

2026.1.1
  • ==2026.1.1 and previous versions

Matching in nixpkgs

pkgs.discourse

Open source discussion platform

  • nixos-unstable -

Package maintainers