Nixpkgs security tracker

Untriaged

Permalink CVE-2026-27190

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 month, 4 weeks ago

Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.

References

https://github.com/denoland/deno/security/advisories/GHSA-hmh4-3xvx-q5hr x_refsource_CONFIRM
https://github.com/denoland/deno/commit/9132ad958c83a0d0b199de12b69b877f63edab4c x_refsource_MISC
https://github.com/denoland/deno/releases/tag/v2.6.8 x_refsource_MISC

Affected products

deno

==< 2.6.8

Matching in nixpkgs

pkgs.deno

Secure runtime for JavaScript and TypeScript

nixos-unstable 2.6.6
- nixpkgs-unstable 2.6.8
- nixos-unstable-small 2.6.9
nixos-25.11 2.5.6
- nixos-25.11-small 2.5.6
- nixpkgs-25.11-darwin 2.5.6

pkgs.speech-denoiser

Speech denoise lv2 plugin based on RNNoise library

nixos-unstable 0-unstable-2018-10-08
- nixpkgs-unstable 0-unstable-2018-10-08
- nixos-unstable-small 0-unstable-2018-10-08
nixos-25.11 0-unstable-2018-10-08
- nixos-25.11-small 0-unstable-2018-10-08
- nixpkgs-25.11-darwin 0-unstable-2018-10-08

pkgs.openimagedenoise

High-Performance Denoising Library for Ray Tracing

nixos-unstable 2.3.3
- nixpkgs-unstable 2.3.3
- nixos-unstable-small 2.3.3
nixos-25.11 2.3.3
- nixos-25.11-small 2.3.3
- nixpkgs-25.11-darwin 2.3.3

pkgs.terraform-providers.deno

None

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.python312Packages.denonavr

Automation Library for Denon AVR receivers

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.python313Packages.denonavr

Automation Library for Denon AVR receivers

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2
nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.haskellPackages.pandoc-sidenote

Convert Pandoc Markdown-style footnotes into sidenotes

nixos-unstable 0.23.0.0
- nixpkgs-unstable 0.23.0.0
- nixos-unstable-small 0.23.0.0
nixos-25.11 0.23.0.0
- nixos-25.11-small 0.23.0.0
- nixpkgs-25.11-darwin 0.23.0.0