Nixpkgs security tracker

Published

Permalink CVE-2026-32726

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse accepted 1 week ago
@LeSuisse published on GitHub 1 week ago

SciTokens C++: Sibling-Path Authorization Bypass

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was covered by a token's authorized scope path. Because the check did not require a path-segment boundary, a token scoped to one path could incorrectly authorize access to sibling paths that merely started with the same prefix. This issue has been patched in version 1.4.1.

References

https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-q5fm-fgvx-32jq x_refsource_CONFIRM
https://github.com/scitokens/scitokens-cpp/commit/decfe2f00cb9cabbf1e17a3bb2cd4ea1bbbd8a73 x_refsource_MISC
https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-q5fm-fgvx-3… exploit

Affected products

scitokens-cpp

==< 1.4.1

Matching in nixpkgs

pkgs.scitokens-cpp

A C++ implementation of the SciTokens library with a C library interface

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.1.3
- nixos-25.11-small 1.1.3
- nixpkgs-25.11-darwin 1.1.3

Package maintainers

@lub-dub evey <nix@lubdub.nl>

Advisory: https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-q5fm-fgvx-32jq
Patch: https://github.com/scitokens/scitokens-cpp/commit/decfe2f00cb9cabbf1e17a3bb2cd4ea1bbbd8a73

Published

Permalink CVE-2026-32725

8.3 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): LOW

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse accepted 1 week ago
@LeSuisse published on GitHub 1 week ago

SciTokens C++: Relative Path Traversal Vulnerability

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses ".." path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. This issue has been patched in version 1.4.1.

References

https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp x_refsource_CONFIRM
https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08 x_refsource_MISC

Affected products

scitokens-cpp

==< 1.4.1

Matching in nixpkgs

pkgs.scitokens-cpp

A C++ implementation of the SciTokens library with a C library interface

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.1.3
- nixos-25.11-small 1.1.3
- nixpkgs-25.11-darwin 1.1.3

Package maintainers

@lub-dub evey <nix@lubdub.nl>

Advisory: https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp
Patch: https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08

Published

Permalink CVE-2026-32727

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse accepted 1 week ago
@LeSuisse published on GitHub 1 week ago

SciTokens: Authorization Bypass via Path Traversal in Scope Validation

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path (from the token) and the requested path (from the application) before comparing them using startswith. This issue has been patched in version 1.9.7.

References

https://github.com/scitokens/scitokens/security/advisories/GHSA-3x2w-63fp-3qvw x_refsource_CONFIRM
https://github.com/scitokens/scitokens/pull/230 x_refsource_MISC
https://github.com/scitokens/scitokens/commit/2d1cc9e42bc944fe0bbc429b85d166e7156d53f9 x_refsource_MISC
https://github.com/scitokens/scitokens/releases/tag/v1.9.7 x_refsource_MISC

Affected products

scitokens

==< 1.9.7

Matching in nixpkgs

pkgs.scitokens-cpp

A C++ implementation of the SciTokens library with a C library interface

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.1.3
- nixos-25.11-small 1.1.3
- nixpkgs-25.11-darwin 1.1.3

Package maintainers

@lub-dub evey <nix@lubdub.nl>

Advisory: https://github.com/scitokens/scitokens/security/advisories/GHSA-3x2w-63fp-3qvw
Patch: https://github.com/scitokens/scitokens/commit/2d1cc9e42bc944fe0bbc429b85d166e7156d53f9

Published

Permalink CVE-2026-32714

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse accepted 1 week ago
@LeSuisse published on GitHub 1 week ago

SciTokens vulnerable to SQL Injection in KeyCache

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format() to construct SQL queries with user-supplied data (such as issuer and key_id). This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. This issue has been patched in version 1.9.6.

References

https://github.com/scitokens/scitokens/security/advisories/GHSA-rh5m-2482-966c x_refsource_CONFIRM
https://github.com/scitokens/scitokens/commit/3dba108853f2f4a6c0f2325c03779bf083c41cf2 x_refsource_MISC
https://github.com/scitokens/scitokens/releases/tag/v1.9.6 x_refsource_MISC
https://github.com/scitokens/scitokens/security/advisories/GHSA-rh5m-2482-966c exploit

Affected products

scitokens

==< 1.9.6

Matching in nixpkgs

pkgs.scitokens-cpp

A C++ implementation of the SciTokens library with a C library interface

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.1.3
- nixos-25.11-small 1.1.3
- nixpkgs-25.11-darwin 1.1.3

Package maintainers

@lub-dub evey <nix@lubdub.nl>

Advisory: https://github.com/scitokens/scitokens/security/advisories/GHSA-rh5m-2482-966c
Patch: https://github.com/scitokens/scitokens/commit/3dba108853f2f4a6c0f2325c03779bf083c41cf2

Published

Permalink CVE-2026-32716

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse accepted 1 week ago
@LeSuisse published on GitHub 1 week ago

SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match (startswith). This allows a token with access to a specific path (e.g., /john) to also access sibling paths that start with the same prefix (e.g., /johnathan, /johnny), which is an Authorization Bypass. This issue has been patched in version 1.9.6.

References

https://github.com/scitokens/scitokens/security/advisories/GHSA-w8fp-g9rh-34jh x_refsource_CONFIRM
https://github.com/scitokens/scitokens/commit/7a237c0f642efb9e8c36ac564b745895cca83583 x_refsource_MISC
https://github.com/scitokens/scitokens/releases/tag/v1.9.6 x_refsource_MISC

Affected products

scitokens

==< 1.9.6

Matching in nixpkgs

pkgs.scitokens-cpp

A C++ implementation of the SciTokens library with a C library interface

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.1.3
- nixos-25.11-small 1.1.3
- nixpkgs-25.11-darwin 1.1.3

Package maintainers

@lub-dub evey <nix@lubdub.nl>

Advisory: https://github.com/scitokens/scitokens/security/advisories/GHSA-w8fp-g9rh-34jh
Patch: https://github.com/scitokens/scitokens/commit/7a237c0f642efb9e8c36ac564b745895cca83583

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.scitokens-cpp

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.scitokens-cpp

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.scitokens-cpp

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.scitokens-cpp

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.scitokens-cpp

Package maintainers