Suggestions search

Untriaged

Filter by:

With package: python313Packages.llama-index-llms-openai-like

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-34606

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Stored XSS in Frappe LMS

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.

References

https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2 x_refsource_CONFIRM
https://github.com/frappe/lms/pull/2185 x_refsource_MISC
https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921 x_refsource_MISC
https://github.com/frappe/lms/releases/tag/v2.48.0 x_refsource_MISC

Affected products

lms

==>= 2.27.0, < 2.48.0

Matching in nixpkgs

pkgs.lms

Lightweight Music Server - Access your self-hosted music using a web interface

nixos-unstable 3.74.0
- nixpkgs-unstable 3.74.0
- nixos-unstable-small 3.74.0
nixos-25.11 3.72.1
- nixos-25.11-small 3.72.1
- nixpkgs-25.11-darwin 3.72.1

pkgs.flmsg

Digital modem message program

nixos-unstable 4.0.23
- nixpkgs-unstable 4.0.23
- nixos-unstable-small 4.0.23
nixos-25.11 4.0.23
- nixos-25.11-small 4.0.23
- nixpkgs-25.11-darwin 4.0.23

pkgs.helmsman

Helm Charts (k8s applications) as Code tool

nixos-unstable 4.0.5
- nixpkgs-unstable 4.0.5
- nixos-unstable-small 4.0.5
nixos-25.11 4.0.1
- nixos-25.11-small 4.0.1
- nixpkgs-25.11-darwin 4.0.1

pkgs.lmstudio

LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs)

nixos-unstable 0.4.8-1
- nixpkgs-unstable 0.4.7-4
- nixos-unstable-small 0.4.8-1
nixos-25.11 0.4.1-1
- nixos-25.11-small 0.4.1-1
- nixpkgs-25.11-darwin 0.4.1-1

pkgs.python312Packages.calmsize

Take a number of bytes and return a human-readable string

nixos-25.11 0.1.3
- nixos-25.11-small 0.1.3
- nixpkgs-25.11-darwin 0.1.3

pkgs.python313Packages.calmsize

Take a number of bytes and return a human-readable string

nixos-unstable 0.1.3
- nixpkgs-unstable 0.1.3
- nixos-unstable-small 0.1.3
nixos-25.11 0.1.3
- nixos-25.11-small 0.1.3
- nixpkgs-25.11-darwin 0.1.3

pkgs.python313Packages.lmstudio

LM Studio Python SDK

nixos-unstable 1.6.0b1
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.6.0b1

pkgs.python314Packages.calmsize

Take a number of bytes and return a human-readable string

nixos-unstable 0.1.3
- nixpkgs-unstable 0.1.3
- nixos-unstable-small 0.1.3

pkgs.python314Packages.lmstudio

LM Studio Python SDK

nixos-unstable 1.6.0b1
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.6.0b1

pkgs.python312Packages.dlms-cosem

Python module to parse DLMS/COSEM

nixos-25.11 25.1.0
- nixos-25.11-small 25.1.0
- nixpkgs-25.11-darwin 25.1.0

pkgs.python313Packages.dlms-cosem

Python module to parse DLMS/COSEM

nixos-unstable 25.1.0
- nixpkgs-unstable 25.1.0
- nixos-unstable-small 25.1.0
nixos-25.11 25.1.0
- nixos-25.11-small 25.1.0
- nixpkgs-25.11-darwin 25.1.0

pkgs.python314Packages.dlms-cosem

Python module to parse DLMS/COSEM

nixos-unstable 25.1.0
- nixpkgs-unstable 25.1.0
- nixos-unstable-small 25.1.0

pkgs.python313Packages.llm-lmstudio

Plugin to use local models via LM Studio API with https://llm.datasette.io

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1

pkgs.python314Packages.llm-lmstudio

Plugin to use local models via LM Studio API with https://llm.datasette.io

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1

pkgs.python312Packages.llama-index-llms-ollama

LlamaIndex LLMS Integration for ollama

nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python312Packages.llama-index-llms-openai

LlamaIndex LLMS Integration for OpenAI

nixos-25.11 0.6.9
- nixos-25.11-small 0.6.9
- nixpkgs-25.11-darwin 0.6.9

pkgs.python313Packages.llama-index-llms-ollama

LlamaIndex LLMS Integration for ollama

nixos-unstable 0.10.0
- nixpkgs-unstable 0.10.0
- nixos-unstable-small 0.10.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python313Packages.llama-index-llms-openai

LlamaIndex LLMS Integration for OpenAI

nixos-unstable 0.7.2
- nixpkgs-unstable 0.7.2
- nixos-unstable-small 0.7.2
nixos-25.11 0.6.9
- nixos-25.11-small 0.6.9
- nixpkgs-25.11-darwin 0.6.9

pkgs.python312Packages.llama-index-llms-openai-like

LlamaIndex LLMS Integration for OpenAI like

nixos-25.11 0.5.3
- nixos-25.11-small 0.5.3
- nixpkgs-25.11-darwin 0.5.3

pkgs.python313Packages.llama-index-llms-openai-like

LlamaIndex LLMS Integration for OpenAI like

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.11 0.5.3
- nixos-25.11-small 0.5.3
- nixpkgs-25.11-darwin 0.5.3

pkgs.pkgsRocm.python3Packages.llama-index-llms-ollama

LlamaIndex LLMS Integration for ollama

nixos-unstable 0.10.0
- nixpkgs-unstable 0.10.0
- nixos-unstable-small 0.10.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.pkgsRocm.python3Packages.llama-index-llms-openai

LlamaIndex LLMS Integration for OpenAI

nixos-unstable 0.7.2
- nixpkgs-unstable 0.7.2
- nixos-unstable-small 0.7.2
nixos-25.11 0.6.9
- nixos-25.11-small 0.6.9
- nixpkgs-25.11-darwin 0.6.9

pkgs.pkgsRocm.python3Packages.llama-index-llms-openai-like

LlamaIndex LLMS Integration for OpenAI like

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.11 0.5.3
- nixos-25.11-small 0.5.3
- nixpkgs-25.11-darwin 0.5.3

Package maintainers

@dysinger Tim Dysinger <tim@dysinger.net>
@sarcasticadmin Robert James Hernandez <rob@sarcasticadmin.com>
@Lynty Lynn Dong <ltdong93+nix@gmail.com>
@mksafavi MK Safavi <mksafavi@gmail.com>
@crertel Chris Ertel <chris@kedagital.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@jherland Johan Herland <johan@herland.net>
@dwt Martin Häcker <spamfaenger@gmx.de>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Permalink CVE-2026-1106

5.4 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Not Defined (X)
Report Confidence (RC): Reasonable (R)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

created 4 months ago Activity log

Created suggestion 4 months ago

Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.