Nixpkgs security tracker

Published

Permalink CVE-2026-33392

7.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 6 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 19 hours ago
@LeSuisse accepted 7 hours ago
@LeSuisse published on GitHub 6 hours ago

In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve …

In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Affected products

YouTrack

<2025.3.131383

Matching in nixpkgs

pkgs.youtrack

Issue tracking and project management tool for developers

nixos-unstable 2025.3.121962
- nixpkgs-unstable 2025.3.121962
- nixos-unstable-small 2025.3.121962
nixos-25.11 2025.1.86199
- nixos-25.11-small 2025.1.86199
- nixpkgs-25.11-darwin 2025.1.86199

Package maintainers

@leona-ya Leona Maroni <nix@leona.is>
@balsoft Alexander Bantyev <balsoft75@gmail.com>

Published

Permalink CVE-2026-28193

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 3 weeks ago
@LeSuisse accepted 1 month, 3 weeks ago
@LeSuisse published on GitHub 1 month, 3 weeks ago

In JetBrains YouTrack before 2025.3.121962 apps were able to send …

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Affected products

YouTrack

<2025.3.121962

Matching in nixpkgs

pkgs.youtrack

Issue tracking and project management tool for developers

nixos-unstable 2025.3.121962
- nixpkgs-unstable 2025.3.121962
- nixos-unstable-small 2025.3.121962
nixos-25.11 2025.1.86199
- nixos-25.11-small 2025.1.86199
- nixpkgs-25.11-darwin 2025.1.86199

Package maintainers

@leona-ya Leona Maroni <nix@leona.is>
@balsoft Alexander Bantyev <balsoft75@gmail.com>

Published

Permalink CVE-2026-25846

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 months, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 2 months, 1 week ago
@LeSuisse accepted 2 months, 1 week ago
@LeSuisse published on GitHub 2 months, 1 week ago

In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed …

In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Affected products

YouTrack

<2025.3.119033

Matching in nixpkgs

pkgs.youtrack

Issue tracking and project management tool for developers

nixos-unstable 2025.1.86199
- nixpkgs-unstable 2025.1.86199
- nixos-unstable-small 2025.1.86199
nixos-25.11 2025.1.86199
- nixos-25.11-small 2025.1.86199
- nixpkgs-25.11-darwin 2025.1.86199

Package maintainers

@leona-ya Leona Maroni <nix@leona.is>
@balsoft Alexander Bantyev <balsoft75@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.youtrack

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.youtrack

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.youtrack

Package maintainers