Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-0264

7.2 HIGH

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): High (H)
Vulnerable System Impact Integrity (VI): High (H)
Vulnerable System Impact Availability (VA): High (H)
Subsequent System Impact Confidentiality (SC): Low (L)
Subsequent System Impact Integrity (SI): Low (L)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): Unreported (U)
Automatable (AU): Yes (Y)
Recovery (R): User (U)
Value Density (V): Concentrated (C)
Vulnerability Response Effort (RE): High (H)
Provider Urgency (U): Red (Red)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): High (H)
Modified Vulnerable System Impact Integrity (MVI): High (H)
Modified Vulnerable System Impact Availability (MVA): High (H)
Modified Subsequent System Impact Confidentiality (MSC): Low (L)
Modified Subsequent System Impact Integrity (MSI): Low (L)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

References

https://security.paloaltonetworks.com/CVE-2026-0264 vendor-advisory

Affected products

PAN-OS

<10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34
<12.1.7, 12.1.4-h5
<11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33
<11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17

Cloud NGFW

==All

Prisma Access

==All

Matching in nixpkgs

pkgs.python312Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-25.11 1.12.3
- nixos-25.11-small 1.12.3
- nixpkgs-25.11-darwin 1.12.3

pkgs.python313Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5
nixos-25.11 1.12.3
- nixos-25.11-small 1.12.3
- nixpkgs-25.11-darwin 1.12.3

pkgs.python314Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5

Package maintainers

@jherland Johan Herland <johan@herland.net>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-29205

8.6 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

Incorrect privileges management and insufficient path filtering allow to read …

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.

References

https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-2…

Affected products

cPanel

<11.126.0.59
<11.136.0.10
<11.130.0.23
<11.124.0.38
<11.134.0.26
<11.132.0.32

WP Squared

<11.136.1.12

Matching in nixpkgs

pkgs.perlPackages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-unstable 4.37
- nixpkgs-unstable 4.37
- nixos-unstable-small 4.37
nixos-25.11 4.37
- nixos-25.11-small 4.37
- nixpkgs-25.11-darwin 4.37

pkgs.perl5Packages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-unstable 4.37
- nixpkgs-unstable 4.37
- nixos-unstable-small 4.37

pkgs.perl538Packages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-25.11 4.37
- nixos-25.11-small 4.37
- nixpkgs-25.11-darwin 4.37

pkgs.perl540Packages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-25.11 4.37
- nixos-25.11-small 4.37
- nixpkgs-25.11-darwin 4.37

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-41132

6.6 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): High (H)
Vulnerable System Impact Availability (VA): None (N)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): Unreported (U)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): High (H)
Modified Vulnerable System Impact Availability (MVA): None (N)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

CKAN: No certificate validation on STMP connection

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in 2.10.10 and 2.11.5.

References

https://github.com/ckan/ckan/security/advisories/GHSA-mpfm-fpgx-647q x_refsource_CONFIRM

Affected products

ckan

==< 2.10.10
==>= 2.11.0, < 2.11.5

Matching in nixpkgs

pkgs.ckan

Mod manager for Kerbal Space Program

nixos-unstable 1.36.2
- nixpkgs-unstable 1.36.2
- nixos-unstable-small 1.36.2
nixos-25.11 1.36.0
- nixos-25.11-small 1.36.0
- nixpkgs-25.11-darwin 1.36.0

Package maintainers

@Baughn Svein Ove Aas <sveina@gmail.com>
@nullcubee NullCube <nullcub3@gmail.com>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-0257

4.7 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): Low (L)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): None (N)
Subsequent System Impact Confidentiality (SC): High (H)
Subsequent System Impact Integrity (SI): High (H)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): Unreported (U)
Automatable (AU): No (N)
Recovery (R): Automatic (A)
Value Density (V): Diffuse (D)
Vulnerability Response Effort (RE): Moderate (M)
Provider Urgency (U): Amber (Amber)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): Low (L)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): None (N)
Modified Subsequent System Impact Confidentiality (MSC): High (H)
Modified Subsequent System Impact Integrity (MSI): High (H)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

References

https://security.paloaltonetworks.com/CVE-2026-0257 vendor-advisory

Affected products

PAN-OS

<10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34
<12.1.7, 12.1.4-h6
<11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33
<11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17

Cloud NGFW

==All

Prisma Access

<10.2.10-h36
<11.2.7-h13

Matching in nixpkgs

pkgs.python312Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-25.11 1.12.3
- nixos-25.11-small 1.12.3
- nixpkgs-25.11-darwin 1.12.3

pkgs.python313Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5
nixos-25.11 1.12.3
- nixos-25.11-small 1.12.3
- nixpkgs-25.11-darwin 1.12.3

pkgs.python314Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5

Package maintainers

@jherland Johan Herland <johan@herland.net>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-42031

8.3 HIGH

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): Present (P)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): High (H)
Vulnerable System Impact Integrity (VI): Low (L)
Vulnerable System Impact Availability (VA): None (N)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): Present (P)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): High (H)
Modified Vulnerable System Impact Integrity (MVI): Low (L)
Modified Vulnerable System Impact Availability (MVA): None (N)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed in 2.10.10 and 2.11.5.

References

https://github.com/ckan/ckan/security/advisories/GHSA-h7j7-3rx6-xvcg x_refsource_CONFIRM

Affected products

ckan

==< 2.10.10
==>= 2.11.0, < 2.11.5

Matching in nixpkgs

pkgs.ckan

Mod manager for Kerbal Space Program

nixos-unstable 1.36.2
- nixpkgs-unstable 1.36.2
- nixos-unstable-small 1.36.2
nixos-25.11 1.36.0
- nixos-25.11-small 1.36.0
- nixpkgs-25.11-darwin 1.36.0

Package maintainers

@Baughn Svein Ove Aas <sveina@gmail.com>
@nullcubee NullCube <nullcub3@gmail.com>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-44455

4.7 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx() or createElement() APIs during server-side rendering, specially crafted values may break out of the intended element context and inject unintended HTML. This vulnerability is fixed in 4.12.16.

References

https://github.com/honojs/hono/security/advisories/GHSA-69xw-7hcm-h432 x_refsource_CONFIRM

Affected products

hono

==< 4.12.16

Matching in nixpkgs

pkgs.libsForQt5.phonon

Multimedia API for Qt

nixos-25.11 4.11.1
- nixos-25.11-small 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.kdePackages.phonon

Multi-platform sound framework for application developers

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0
nixos-25.11 4.12.0
- nixos-25.11-small 4.12.0
- nixpkgs-25.11-darwin 4.12.0

pkgs.kdePackages.phonon-vlc

VLC backend for the Phonon multimedia library

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0
nixos-25.11 0.12.0
- nixos-25.11-small 0.12.0
- nixpkgs-25.11-darwin 0.12.0

pkgs.plasma5Packages.phonon

Multimedia API for Qt

nixos-25.11 4.11.1
- nixos-25.11-small 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.typstPackages.phonokit

A toolkit to create phonological representations

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8

pkgs.python312Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-25.11 2.43.2
- nixos-25.11-small 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.python313Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 3.5.1
- nixpkgs-unstable 3.5.1
- nixos-unstable-small 3.5.1
nixos-25.11 2.43.2
- nixos-25.11-small 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.python314Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 3.5.1
- nixpkgs-unstable 3.5.1
- nixos-unstable-small 3.5.1

pkgs.typstPackages.phonokit_0_0_1

Phonology toolkit: IPA transcription (tipa-style), prosodic structures, vowel/consonant charts with language inventories

nixos-unstable 0.0.1
- nixpkgs-unstable 0.0.1
- nixos-unstable-small 0.0.1

pkgs.typstPackages.phonokit_0_2_0

Create phonological representations

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.typstPackages.phonokit_0_3_0

A toolkit to create phonological representations

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0

pkgs.typstPackages.phonokit_0_3_5

A toolkit to create phonological representations

nixos-unstable 0.3.5
- nixpkgs-unstable 0.3.5
- nixos-unstable-small 0.3.5

pkgs.typstPackages.phonokit_0_3_6

A toolkit to create phonological representations

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6

pkgs.typstPackages.phonokit_0_3_7

A toolkit to create phonological representations

nixos-unstable 0.3.7
- nixpkgs-unstable 0.3.7
- nixos-unstable-small 0.3.7

pkgs.typstPackages.phonokit_0_4_0

A toolkit to create phonological representations

nixos-unstable 0.4.0
- nixpkgs-unstable 0.4.0
- nixos-unstable-small 0.4.0

pkgs.typstPackages.phonokit_0_4_1

A toolkit to create phonological representations

nixos-unstable 0.4.1
- nixpkgs-unstable 0.4.1
- nixos-unstable-small 0.4.1

pkgs.typstPackages.phonokit_0_4_5

A toolkit to create phonological representations

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5

pkgs.typstPackages.phonokit_0_4_6

A toolkit to create phonological representations

nixos-unstable 0.4.6
- nixpkgs-unstable 0.4.6
- nixos-unstable-small 0.4.6

pkgs.typstPackages.phonokit_0_5_0

A toolkit to create phonological representations

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0

pkgs.typstPackages.phonokit_0_5_1

A toolkit to create phonological representations

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1

pkgs.typstPackages.phonokit_0_5_2

A toolkit to create phonological representations

nixos-unstable 0.5.2
- nixpkgs-unstable 0.5.2
- nixos-unstable-small 0.5.2

pkgs.typstPackages.phonokit_0_5_3

A toolkit to create phonological representations

nixos-unstable 0.5.3
- nixpkgs-unstable 0.5.3
- nixos-unstable-small 0.5.3

pkgs.typstPackages.phonokit_0_5_4

A toolkit to create phonological representations

nixos-unstable 0.5.4
- nixpkgs-unstable 0.5.4
- nixos-unstable-small 0.5.4

pkgs.typstPackages.phonokit_0_5_5

A toolkit to create phonological representations

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5

pkgs.typstPackages.phonokit_0_5_6

A toolkit to create phonological representations

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6

pkgs.typstPackages.phonokit_0_5_7

A toolkit to create phonological representations

nixos-unstable 0.5.7
- nixpkgs-unstable 0.5.7
- nixos-unstable-small 0.5.7

pkgs.typstPackages.phonokit_0_5_8

A toolkit to create phonological representations

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8

pkgs.libsForQt5.phonon-backend-vlc

GStreamer backend for Phonon

nixos-25.11 0.11.3
- nixos-25.11-small 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.python312Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-25.11 7.8.1.1
- nixos-25.11-small 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.python313Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
nixos-25.11 7.8.1.1
- nixos-25.11-small 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.python314Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31

pkgs.plasma5Packages.phonon-backend-vlc

GStreamer backend for Phonon

nixos-25.11 0.11.3
- nixos-25.11-small 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.libsForQt5.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-25.11 4.10.0
- nixos-25.11-small 4.10.0
- nixpkgs-25.11-darwin 4.10.0

pkgs.plasma5Packages.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-25.11 4.10.0
- nixos-25.11-small 4.10.0
- nixpkgs-25.11-darwin 4.10.0

Package maintainers

@K900 Ilya K. <me@0upti.me>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@NickCao Nick Cao <nickcao@nichi.co>
@FRidh Frederik Rietdijk <fridh@fridh.nl>
@bkchr Bastian Köcher <nixos@kchr.de>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@CHN-beta Haonan Chen <chn@chn.moe>
@PsyanticY Psyanticy <iuns@outlook.fr>
@cherrypiejam Gongqi Huang
@RossSmyth Ross Smyth

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-0263

7.2 HIGH

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): High (H)
Vulnerable System Impact Integrity (VI): High (H)
Vulnerable System Impact Availability (VA): High (H)
Subsequent System Impact Confidentiality (SC): Low (L)
Subsequent System Impact Integrity (SI): Low (L)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): Unreported (U)
Automatable (AU): Yes (Y)
Recovery (R): User (U)
Value Density (V): Concentrated (C)
Vulnerability Response Effort (RE): High (H)
Provider Urgency (U): Red (Red)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): High (H)
Modified Vulnerable System Impact Integrity (MVI): High (H)
Modified Vulnerable System Impact Availability (MVA): High (H)
Modified Subsequent System Impact Confidentiality (MSC): Low (L)
Modified Subsequent System Impact Integrity (MSI): Low (L)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing

A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.

References

https://security.paloaltonetworks.com/CVE-2026-0263 vendor-advisory

Affected products

PAN-OS

<12.1.7, 12.1.4-h5
<11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33
==10.2.0
<11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17

Cloud NGFW

==All

Prisma Access

==All

Matching in nixpkgs

pkgs.python312Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-25.11 1.12.3
- nixos-25.11-small 1.12.3
- nixpkgs-25.11-darwin 1.12.3

pkgs.python313Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5
nixos-25.11 1.12.3
- nixos-25.11-small 1.12.3
- nixpkgs-25.11-darwin 1.12.3

pkgs.python314Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5

Package maintainers

@jherland Johan Herland <johan@herland.net>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-0262

6.6 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): High (H)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): Unreported (U)
Automatable (AU): No (N)
Recovery (R): User (U)
Value Density (V): Concentrated (C)
Vulnerability Response Effort (RE): Moderate (M)
Provider Urgency (U): Amber (Amber)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): High (H)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic. Panorama and Cloud NGFW are not impacted by these vulnerabilities.

References

https://security.paloaltonetworks.com/CVE-2026-0262 vendor-advisory

Affected products

PAN-OS

<10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34
<12.1.7, 12.1.4-h5
<11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33
<11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17

Cloud NGFW

==All

Prisma Access

<10.2.10-h36
<11.2.7-h13

Matching in nixpkgs

pkgs.python312Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-25.11 1.12.3
- nixos-25.11-small 1.12.3
- nixpkgs-25.11-darwin 1.12.3

pkgs.python313Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5
nixos-25.11 1.12.3
- nixos-25.11-small 1.12.3
- nixpkgs-25.11-darwin 1.12.3

pkgs.python314Packages.pan-os-python

Palo Alto Networks PAN-OS SDK for Python

nixos-unstable 1.12.5
- nixpkgs-unstable 1.12.5
- nixos-unstable-small 1.12.5

Package maintainers

@jherland Johan Herland <johan@herland.net>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-29206

8.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

Insufficient sanitization of SQL queries in the `sqloptimizer` utility script …

Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.

References

https://support.cpanel.net/hc/en-us/articles/40437213099159-Security-CVE-2026-2…

Affected products

cPanel

<11.126.0.59
<11.94.0.31
<11.136.0.10
<11.130.0.23
<11.102.0.42
<11.118.0.67
<11.110.0.119
<11.86.0.44
<11.134.0.26
<11.124.0.38
<11.132.0.32

WP Squared

<11.136.1.12

cPanel (CloudLinux 6, CentOS 6)

<11.110.0.118

Matching in nixpkgs

pkgs.perlPackages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-unstable 4.37
- nixpkgs-unstable 4.37
- nixos-unstable-small 4.37
nixos-25.11 4.37
- nixos-25.11-small 4.37
- nixpkgs-25.11-darwin 4.37

pkgs.perl5Packages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-unstable 4.37
- nixpkgs-unstable 4.37
- nixos-unstable-small 4.37

pkgs.perl538Packages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-25.11 4.37
- nixos-25.11-small 4.37
- nixpkgs-25.11-darwin 4.37

pkgs.perl540Packages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-25.11 4.37
- nixos-25.11-small 4.37
- nixpkgs-25.11-darwin 4.37

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-44457

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 3 days ago

Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. This vulnerability is fixed in 4.12.18.