Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-25957

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 months ago

Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.

References

https://github.com/cube-js/cube/security/advisories/GHSA-9vph-2hvm-x66g x_refsource_CONFIRM
https://github.com/cube-js/cube/security/advisories/GHSA-9vph-2hvm-x66g x_refsource_CONFIRM

Affected products

cube

==>= 1.5.0, < 1.5.13
==>= 1.1.17, < 1.4.2

Matching in nixpkgs

pkgs.cubeb

Cross platform audio library

nixos-unstable 0-unstable-2025-07-10
- nixpkgs-unstable 0-unstable-2026-01-23
- nixos-unstable-small 0-unstable-2026-01-23
nixos-25.11 0-unstable-2025-09-17
- nixpkgs-25.11-darwin 0-unstable-2025-09-17

pkgs.kmscube

Example OpenGL app using KMS/GBM

nixos-unstable 2023-09-25
- nixpkgs-unstable 2023-09-25
- nixos-unstable-small 2023-09-25
nixos-25.11 2023-09-25
- nixpkgs-25.11-darwin 2023-09-25

pkgs.pascube

Simple OpenGL spinning cube written in Pascal

nixos-unstable -
- nixpkgs-unstable 1.5.1
- nixos-unstable-small 1.5.1
nixos-25.11 1.5.1
- nixpkgs-25.11-darwin 1.5.1

pkgs.musikcube

Terminal-based music player, library, and streaming audio server

nixos-unstable 3.0.4
- nixpkgs-unstable 3.0.5
- nixos-unstable-small 3.0.5
nixos-25.11 3.0.5
- nixpkgs-25.11-darwin 3.0.5

pkgs.roundcube

Open Source Webmail Software

nixos-unstable 1.6.11
- nixpkgs-unstable 1.6.12
- nixos-unstable-small 1.6.12
nixos-25.11 1.6.12
- nixpkgs-25.11-darwin 1.6.12

pkgs.classicube

Lightweight, custom Minecraft Classic/ClassiCube client with optional additions written from scratch in C

nixos-unstable 1.3.7
- nixpkgs-unstable 1.3.7
- nixos-unstable-small 1.3.7
nixos-25.11 1.3.7
- nixpkgs-25.11-darwin 1.3.7

pkgs.metacubexd

Clash.Meta Dashboard, The Official One, XD

nixos-unstable 1.188.1
- nixpkgs-unstable 1.192.0
- nixos-unstable-small 1.192.0
nixos-25.11 1.192.0
- nixpkgs-25.11-darwin 1.192.0

pkgs.assaultcube

Fast and fun first-person-shooter based on the Cube fps

nixos-unstable 1.3.0.2
- nixpkgs-unstable 1.3.0.2
- nixos-unstable-small 1.3.0.2
nixos-25.11 1.3.0.2
- nixpkgs-25.11-darwin 1.3.0.2

pkgs.stm32cubemx

Graphical tool for configuring STM32 microcontrollers and microprocessors

nixos-unstable 6.14.0
- nixpkgs-unstable 6.15.0
- nixos-unstable-small 6.15.0
nixos-25.11 6.15.0
- nixpkgs-25.11-darwin 6.15.0

pkgs.gamecube-tools

Tools for gamecube/wii projects

pkgs.hyperspeedcube

Hyperspeedcube is a 3D and 4D Rubik's cube simulator

nixos-unstable 1.0.12
- nixpkgs-unstable 1.0.12
- nixos-unstable-small 1.0.12
nixos-25.11 1.0.12
- nixpkgs-25.11-darwin 1.0.12

pkgs.dockapps.wmcube

System monitor for Windowmaker

nixos-unstable -
- nixpkgs-unstable 2023-10-11
- nixos-unstable-small 2023-10-11
nixos-25.11 2023-10-11
- nixpkgs-25.11-darwin 2023-10-11

pkgs.idrisPackages.cube

Implementation of the Lambda Cube in Idris

nixos-unstable 2017-07-05
- nixpkgs-unstable 2017-07-05
- nixos-unstable-small 2017-07-05
nixos-25.11 2017-07-05
- nixpkgs-25.11-darwin 2017-07-05

pkgs.spacenav-cube-example

Example application to test the spacenavd driver

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.11 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.kdePackages.kjumpingcube

KJumpingCube is a simple tactical game

nixos-unstable 25.04.3
- nixpkgs-unstable 25.12.1
- nixos-unstable-small 25.12.1
nixos-25.11 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.roundcubePlugins.carddav

None

nixos-unstable -
- nixpkgs-unstable 4.4.6
- nixos-unstable-small 4.4.6
nixos-25.11 4.4.6
- nixpkgs-25.11-darwin 4.4.6

pkgs.gnomeExtensions.desktop-cube

Indulge in nostalgia with useless 3D effects.

nixos-unstable 28
- nixpkgs-unstable 30
- nixos-unstable-small 30
nixos-25.11 30
- nixpkgs-25.11-darwin 30

pkgs.phpExtensions.ioncube-loader

Use ionCube-encoded files on a web server

nixos-unstable -
- nixpkgs-unstable 14.4.1
- nixos-unstable-small 14.4.1
nixos-25.11 14.4.1
- nixpkgs-25.11-darwin 14.4.1

pkgs.python312Packages.complycube

Official Python client for the ComplyCube API

nixos-unstable 1.1.6
nixos-25.11 1.1.6
- nixpkgs-25.11-darwin 1.1.6

pkgs.python313Packages.complycube

Official Python client for the ComplyCube API

nixos-unstable 1.1.6
- nixpkgs-unstable 1.1.6
- nixos-unstable-small 1.1.6
nixos-25.11 1.1.6
- nixpkgs-25.11-darwin 1.1.6

pkgs.python314Packages.complycube

Official Python client for the ComplyCube API

nixos-unstable -
- nixpkgs-unstable 1.1.6
- nixos-unstable-small 1.1.6

pkgs.roundcubePlugins.contextmenu

None

nixos-unstable -
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.roundcubePlugins.custom_from

None

nixos-unstable -
- nixpkgs-unstable 1.6.6
- nixos-unstable-small 1.6.6
nixos-25.11 1.6.6
- nixpkgs-25.11-darwin 1.6.6

pkgs.haskellPackages.resistor-cube

Compute total resistance of a cube of resistors

nixos-unstable 0.0.1.4
- nixpkgs-unstable 0.0.1.4
- nixos-unstable-small 0.0.1.4
nixos-25.11 0.0.1.4
- nixpkgs-25.11-darwin 0.0.1.4

pkgs.python312Packages.maxcube-api

eQ-3/ELV MAX! Cube Python API

nixos-unstable 0.4.3
nixos-25.11 0.4.3
- nixpkgs-25.11-darwin 0.4.3

pkgs.python313Packages.maxcube-api

eQ-3/ELV MAX! Cube Python API

nixos-unstable 0.4.3
- nixpkgs-unstable 0.4.3
- nixos-unstable-small 0.4.3
nixos-25.11 0.4.3
- nixpkgs-25.11-darwin 0.4.3

pkgs.python314Packages.maxcube-api

eQ-3/ELV MAX! Cube Python API

nixos-unstable -
- nixpkgs-unstable 0.4.3
- nixos-unstable-small 0.4.3

pkgs.haskellPackages.marching-cubes

Marching Cubes

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0
nixos-25.11 0.1.0.0
- nixpkgs-25.11-darwin 0.1.0.0

pkgs.php81Extensions.ioncube-loader

Use ionCube-encoded files on a web server

nixos-unstable 14.4.1

pkgs.php82Extensions.ioncube-loader

Use ionCube-encoded files on a web server

nixos-unstable 14.4.1
- nixpkgs-unstable 14.4.1
- nixos-unstable-small 14.4.1
nixos-25.11 14.4.1
- nixpkgs-25.11-darwin 14.4.1

pkgs.php83Extensions.ioncube-loader

Use ionCube-encoded files on a web server

nixos-unstable 14.4.1
- nixpkgs-unstable 14.4.1
- nixos-unstable-small 14.4.1
nixos-25.11 14.4.1
- nixpkgs-25.11-darwin 14.4.1

pkgs.php84Extensions.ioncube-loader

Use ionCube-encoded files on a web server

nixos-unstable 14.4.1

pkgs.haskellPackages.marching-cubes2

Marching Cubes

nixos-unstable cubes2-0.1.0.0
- nixpkgs-unstable cubes2-0.1.0.0
- nixos-unstable-small cubes2-0.1.0.0
nixos-25.11 cubes2-0.1.0.0
- nixpkgs-25.11-darwin cubes2-0.1.0.0

pkgs.python312Packages.spectral-cube

Library for reading and analyzing astrophysical spectral data cubes

nixos-unstable 0.6.6
nixos-25.11 0.6.7
- nixpkgs-25.11-darwin 0.6.7

pkgs.python313Packages.spectral-cube

Library for reading and analyzing astrophysical spectral data cubes

nixos-unstable 0.6.6
- nixpkgs-unstable 0.6.7
- nixos-unstable-small 0.6.7
nixos-25.11 0.6.7
- nixpkgs-25.11-darwin 0.6.7

pkgs.python314Packages.spectral-cube

Library for reading and analyzing astrophysical spectral data cubes

nixos-unstable -
- nixpkgs-unstable 0.6.7
- nixos-unstable-small 0.6.7

pkgs.roundcubePlugins.persistent_login

None

nixos-unstable -
- nixpkgs-unstable 5.3.0
- nixos-unstable-small 5.3.0
nixos-25.11 5.3.0
- nixpkgs-25.11-darwin 5.3.0

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable -
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.home-assistant-component-tests.maxcube

Open source home automation that puts local control and privacy first

nixos-unstable 2025.8.0
nixos-25.11 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.maxcube

Open source home automation that puts local control and privacy first

nixos-unstable -
- nixpkgs-unstable 2026.1.3
- nixos-unstable-small 2026.1.3

Package maintainers

@DarkOnion0 Alexandre Peruggia <darkgenius1@protonmail.com>
@360ied Brian Zhu <therealbarryplayer@gmail.com>
@zhaofengli Zhaofeng Li <hello@zhaofeng.li>
@marcin-serwin Marcin Serwin <marcin@serwin.dev>
@honnip Jung seungwoo <me@honnip.page>
@thielema Henning Thielemann <nix@henning-thielemann.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@OmnipotentEntity Michael Reilly <omnipotententity@gmail.com>
@brainrake Marton Boros <martonboros@gmail.com>
@K900 Ilya K. <me@0upti.me>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@NickCao Nick Cao <nickcao@nichi.co>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
@Guanran928 Guanran Wang <guanran928@outlook.com>
@afh Alexis Hildebrandt <surryhill+nix@gmail.com>
@aanderse Aaron Andersen <aaron@fosslib.net>
@NeverBehave Xinhao Luo <i@never.pet>
@DerDennisOP Dennis <dennish@wuitz.de>
@smaret Sébastien Maret <sebastien.maret@icloud.com>
@globin Robin Gloster <mail@glob.in>
@Vskilet Victor SENE <victor@sene.ovh>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@Sohalt sohalt <nixos@sohalt.net>
@wucke13 Wucke <wucke13@gmail.com>
@angaz Angus Dippenaar
@TomSmeets Tom Smeets <tom.tsmeets@gmail.com>
@RoGreat RoGreat <roguegreat@gmail.com>