Nixpkgs Security Tracker

Published

Permalink CVE-2026-0777

updated 3 weeks, 3 days ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
31 packages
- libmaxminddb
- phpExtensions.maxminddb
- python312Packages.xmind
- python313Packages.xmind
- python314Packages.xmind
- dotnetPackages.MaxMindDb
- php81Extensions.maxminddb
- php82Extensions.maxminddb
- php83Extensions.maxminddb
- php84Extensions.maxminddb
- php85Extensions.maxminddb
- python312Packages.maxminddb
- python313Packages.maxminddb
- python314Packages.maxminddb
- dotnetPackages.MaxMindGeoIP2
- perlPackages.MaxMindDBCommon
- perlPackages.MaxMindDBReader
- perlPackages.MaxMindDBWriter
- perl5Packages.MaxMindDBCommon
- perl5Packages.MaxMindDBReader
- perl5Packages.MaxMindDBWriter
- perlPackages.MaxMindDBReaderXS
- perl538Packages.MaxMindDBCommon
- perl538Packages.MaxMindDBReader
- perl538Packages.MaxMindDBWriter
- perl540Packages.MaxMindDBCommon
- perl540Packages.MaxMindDBReader
- perl540Packages.MaxMindDBWriter
- perl5Packages.MaxMindDBReaderXS
- perl538Packages.MaxMindDBReaderXS
- perl540Packages.MaxMindDBReaderXS
3 weeks, 3 days ago
@LeSuisse accepted 3 weeks, 3 days ago
@LeSuisse published on GitHub 3 weeks, 3 days ago

Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability

Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of attachments. When opening an attachment, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of current user. Was ZDI-CAN-26034.

References

ZDI-26-069 x_research-advisory

Affected products

Xmind

==24.10.01101-202410202317

Matching in nixpkgs

pkgs.xmind

All-in-one thinking tool featuring mind mapping, AI generation, and real-time collaboration

nixos-unstable 26.01.03145-202510170359
- nixpkgs-unstable 26.01.03145-202510170359
- nixos-unstable-small 26.01.03145-202510170359
nixos-25.11 25.07.03033-202507241842
- nixos-25.11-small 25.07.03033-202507241842
- nixpkgs-25.11-darwin 25.07.03033-202507241842

Ignored packages (31)

pkgs.libmaxminddb

C library for working with MaxMind geolocation DB files

nixos-unstable 1.12.2
- nixpkgs-unstable 1.12.2
- nixos-unstable-small 1.12.2
nixos-25.11 1.12.2
- nixos-25.11-small 1.12.2
- nixpkgs-25.11-darwin 1.12.2

pkgs.phpExtensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.python312Packages.xmind

Python module to create mindmaps

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.python313Packages.xmind

Python module to create mindmaps

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0
nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.python314Packages.xmind

Python module to create mindmaps

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.dotnetPackages.MaxMindDb

None

nixos-unstable 1.1.0.0
- nixpkgs-unstable 1.1.0.0
- nixos-unstable-small 1.1.0.0
nixos-25.11 1.1.0.0
- nixos-25.11-small 1.1.0.0
- nixpkgs-25.11-darwin 1.1.0.0

pkgs.php81Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

pkgs.php82Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.php83Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.php84Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.php85Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.python312Packages.maxminddb

Reader for the MaxMind DB format

nixos-25.11 2.8.2
- nixos-25.11-small 2.8.2
- nixpkgs-25.11-darwin 2.8.2

pkgs.python313Packages.maxminddb

Reader for the MaxMind DB format

nixos-unstable 2.8.2
- nixpkgs-unstable 2.8.2
- nixos-unstable-small 2.8.2
nixos-25.11 2.8.2
- nixos-25.11-small 2.8.2
- nixpkgs-25.11-darwin 2.8.2

pkgs.python314Packages.maxminddb

Reader for the MaxMind DB format

nixos-unstable 2.8.2
- nixpkgs-unstable 2.8.2
- nixos-unstable-small 2.8.2

pkgs.dotnetPackages.MaxMindGeoIP2

None

nixos-unstable 2.3.1
- nixpkgs-unstable 2.3.1
- nixos-unstable-small 2.3.1
nixos-25.11 2.3.1
- nixos-25.11-small 2.3.1
- nixpkgs-25.11-darwin 2.3.1

pkgs.perlPackages.MaxMindDBCommon

Code shared by the MaxMind DB reader and writer modules

nixos-unstable 0.040001
- nixpkgs-unstable 0.040001
- nixos-unstable-small 0.040001
nixos-25.11 0.040001
- nixos-25.11-small 0.040001
- nixpkgs-25.11-darwin 0.040001

pkgs.perlPackages.MaxMindDBReader

Read MaxMind DB files and look up IP addresses

nixos-unstable 1.000014
- nixpkgs-unstable 1.000014
- nixos-unstable-small 1.000014
nixos-25.11 1.000014
- nixos-25.11-small 1.000014
- nixpkgs-25.11-darwin 1.000014

pkgs.perlPackages.MaxMindDBWriter

Create MaxMind DB database files

nixos-unstable 0.300003
- nixpkgs-unstable 0.300003
- nixos-unstable-small 0.300003
nixos-25.11 0.300003
- nixos-25.11-small 0.300003
- nixpkgs-25.11-darwin 0.300003

pkgs.perl5Packages.MaxMindDBCommon

Code shared by the MaxMind DB reader and writer modules

nixos-unstable 0.040001
- nixpkgs-unstable 0.040001
- nixos-unstable-small 0.040001

pkgs.perl5Packages.MaxMindDBReader

Read MaxMind DB files and look up IP addresses

nixos-unstable 1.000014
- nixpkgs-unstable 1.000014
- nixos-unstable-small 1.000014

pkgs.perl5Packages.MaxMindDBWriter

Create MaxMind DB database files

nixos-unstable 0.300003
- nixpkgs-unstable 0.300003
- nixos-unstable-small 0.300003

pkgs.perlPackages.MaxMindDBReaderXS

Fast XS implementation of MaxMind DB reader

nixos-unstable 1.000009
- nixpkgs-unstable 1.000009
- nixos-unstable-small 1.000009
nixos-25.11 1.000009
- nixos-25.11-small 1.000009
- nixpkgs-25.11-darwin 1.000009

pkgs.perl538Packages.MaxMindDBCommon

Code shared by the MaxMind DB reader and writer modules

nixos-25.11 0.040001
- nixos-25.11-small 0.040001
- nixpkgs-25.11-darwin 0.040001

pkgs.perl538Packages.MaxMindDBReader

Read MaxMind DB files and look up IP addresses

nixos-25.11 1.000014
- nixos-25.11-small 1.000014
- nixpkgs-25.11-darwin 1.000014

pkgs.perl538Packages.MaxMindDBWriter

Create MaxMind DB database files

nixos-25.11 0.300003
- nixos-25.11-small 0.300003
- nixpkgs-25.11-darwin 0.300003

pkgs.perl540Packages.MaxMindDBCommon

Code shared by the MaxMind DB reader and writer modules

nixos-25.11 0.040001
- nixos-25.11-small 0.040001
- nixpkgs-25.11-darwin 0.040001

pkgs.perl540Packages.MaxMindDBReader

Read MaxMind DB files and look up IP addresses

nixos-25.11 1.000014
- nixos-25.11-small 1.000014
- nixpkgs-25.11-darwin 1.000014

pkgs.perl540Packages.MaxMindDBWriter

Create MaxMind DB database files

nixos-25.11 0.300003
- nixos-25.11-small 0.300003
- nixpkgs-25.11-darwin 0.300003

pkgs.perl5Packages.MaxMindDBReaderXS

Fast XS implementation of MaxMind DB reader

nixos-unstable 1.000009
- nixpkgs-unstable 1.000009
- nixos-unstable-small 1.000009

pkgs.perl538Packages.MaxMindDBReaderXS

Fast XS implementation of MaxMind DB reader

nixos-25.11 1.000009
- nixos-25.11-small 1.000009
- nixpkgs-25.11-darwin 1.000009

pkgs.perl540Packages.MaxMindDBReaderXS

Fast XS implementation of MaxMind DB reader

nixos-25.11 1.000009
- nixos-25.11-small 1.000009
- nixpkgs-25.11-darwin 1.000009

Package maintainers

@michalrus Michal Rus <m@michalrus.com>

ZDI advisory: https://www.zerodayinitiative.com/advisories/ZDI-26-069/

Apparently mitigated in 26.02

Dismissed

Permalink CVE-2021-47844

6.1 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 2 months ago by @LeSuisse Activity log

Created automatic suggestion 2 months ago
@LeSuisse removed
24 packages
- libmaxminddb
- phpExtensions.maxminddb
- python312Packages.xmind
- python313Packages.xmind
- dotnetPackages.MaxMindDb
- php81Extensions.maxminddb
- php82Extensions.maxminddb
- php83Extensions.maxminddb
- php84Extensions.maxminddb
- python312Packages.maxminddb
- python313Packages.maxminddb
- dotnetPackages.MaxMindGeoIP2
- perlPackages.MaxMindDBCommon
- perl540Packages.MaxMindDBReaderXS
- perl538Packages.MaxMindDBReaderXS
- perl540Packages.MaxMindDBWriter
- perl540Packages.MaxMindDBReader
- perl540Packages.MaxMindDBCommon
- perl538Packages.MaxMindDBWriter
- perl538Packages.MaxMindDBReader
- perl538Packages.MaxMindDBCommon
- perlPackages.MaxMindDBWriter
- perlPackages.MaxMindDBReader
- perlPackages.MaxMindDBReaderXS
2 months ago
@LeSuisse dismissed 2 months ago

Xmind 2020 - Persistent Cross-Site Scripting

Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.

References

Official Xmind Product Homepage product
Proof of Concept Video exploit
VulnCheck Advisory: Xmind 2020 - Persistent Cross-Site Scripting third-party-advisory
ExploitDB-49827 exploit
https://www.vulncheck.com/advisories/xmind-persistent-cross-site-scripting exploit

Affected products

Xmind

==2020

Matching in nixpkgs

pkgs.xmind

All-in-one thinking tool featuring mind mapping, AI generation, and real-time collaboration

nixos-unstable 25.07.03033-202507241842
- nixpkgs-unstable 25.07.03033-202507241842
- nixos-unstable-small 25.07.03033-202507241842

Package maintainers

@michalrus Michal Rus <m@michalrus.com>

Impact an old versions not present in supported nixpkgs branches.

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.xmind

pkgs.libmaxminddb

pkgs.phpExtensions.maxminddb

pkgs.python312Packages.xmind

pkgs.python313Packages.xmind

pkgs.python314Packages.xmind

pkgs.dotnetPackages.MaxMindDb

pkgs.php81Extensions.maxminddb

pkgs.php82Extensions.maxminddb

pkgs.php83Extensions.maxminddb

pkgs.php84Extensions.maxminddb

pkgs.php85Extensions.maxminddb

pkgs.python312Packages.maxminddb

pkgs.python313Packages.maxminddb

pkgs.python314Packages.maxminddb

pkgs.dotnetPackages.MaxMindGeoIP2

pkgs.perlPackages.MaxMindDBCommon

pkgs.perlPackages.MaxMindDBReader

pkgs.perlPackages.MaxMindDBWriter

pkgs.perl5Packages.MaxMindDBCommon

pkgs.perl5Packages.MaxMindDBReader

pkgs.perl5Packages.MaxMindDBWriter

pkgs.perlPackages.MaxMindDBReaderXS

pkgs.perl538Packages.MaxMindDBCommon

pkgs.perl538Packages.MaxMindDBReader

pkgs.perl538Packages.MaxMindDBWriter

pkgs.perl540Packages.MaxMindDBCommon

pkgs.perl540Packages.MaxMindDBReader

pkgs.perl540Packages.MaxMindDBWriter

pkgs.perl5Packages.MaxMindDBReaderXS

pkgs.perl538Packages.MaxMindDBReaderXS

pkgs.perl540Packages.MaxMindDBReaderXS

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.xmind

Package maintainers