Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-27963

4.8 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 month, 4 weeks ago Activity log

Created suggestion 1 month, 4 weeks ago

Audiobookshelf has Stored XSS in Tooltip.vue via Audiobook Metadata

Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users' browsers, potentially leading to session hijacking and data exfiltration. Version 2.32.0 contains a patch for the issue.

References

https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-69cp-m725-wf78 x_refsource_CONFIRM
https://github.com/advplyr/audiobookshelf/commit/503f4611b221a5bde19024e657021670df204478 x_refsource_MISC

Affected products

audiobookshelf

==< 2.32.0

Matching in nixpkgs

pkgs.audiobookshelf

Self-hosted audiobook and podcast server

nixos-unstable 2.32.1
- nixpkgs-unstable 2.32.1
- nixos-unstable-small 2.32.1
nixos-25.11 2.31.0
- nixos-25.11-small 2.31.0
- nixpkgs-25.11-darwin 2.31.0

pkgs.pkgsRocm.audiobookshelf

Self-hosted audiobook and podcast server

nixos-unstable 2.32.1
- nixpkgs-unstable 2.32.1
- nixos-unstable-small 2.32.1

pkgs.python312Packages.aioaudiobookshelf

Async python library to interact with Audiobookshelf

nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

pkgs.python313Packages.aioaudiobookshelf

Async python library to interact with Audiobookshelf

nixos-unstable 0.1.13
- nixpkgs-unstable 0.1.13
- nixos-unstable-small 0.1.13
nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

pkgs.python314Packages.aioaudiobookshelf

Async python library to interact with Audiobookshelf

nixos-unstable 0.1.13
- nixpkgs-unstable 0.1.13
- nixos-unstable-small 0.1.13

Package maintainers

@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
@jvanbruegge Jan van Brügge <supermanitu@gmail.com>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@tebriel tebriel <tebriel@frodux.in>