Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-32095

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 month ago

Plunk has Stored Cross-Site Scripting (XSS) via SVG File Upload

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1.

References

https://github.com/useplunk/plunk/security/advisories/GHSA-69jg-7493-cx5x x_refsource_CONFIRM

Affected products

plunk

==< 0.7.1

Matching in nixpkgs

pkgs.graylogPlugins.splunk

Graylog output plugin that forwards one or more streams of data to Splunk via TCP

nixos-unstable 0.5.0-rc.1
- nixpkgs-unstable 0.5.0-rc.1
- nixos-unstable-small 0.5.0-rc.1
nixos-25.11 0.5.0-rc.1
- nixos-25.11-small 0.5.0-rc.1
- nixpkgs-25.11-darwin 0.5.0-rc.1

pkgs.python312Packages.splunk-sdk

The Splunk Enterprise Software Development Kit (SDK) for Python

nixos-25.11 2.1.1
- nixos-25.11-small 2.1.1
- nixpkgs-25.11-darwin 2.1.1

pkgs.python313Packages.splunk-sdk

The Splunk Enterprise Software Development Kit (SDK) for Python

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1
nixos-25.11 2.1.1
- nixos-25.11-small 2.1.1
- nixpkgs-25.11-darwin 2.1.1

pkgs.python314Packages.splunk-sdk

Splunk Enterprise Software Development Kit (SDK) for Python

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1

pkgs.python312Packages.hass-splunk

Async single threaded connector to Splunk HEC using an asyncio session

nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

pkgs.python313Packages.hass-splunk

Async single threaded connector to Splunk HEC using an asyncio session

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

pkgs.python314Packages.hass-splunk

Async single threaded connector to Splunk HEC using an asyncio session

nixos-unstable 0.1.4
- nixpkgs-unstable 0.1.4
- nixos-unstable-small 0.1.4

pkgs.python312Packages.pysigma-backend-splunk

Library to support Splunk for pySigma

nixos-25.11 1.1.3
- nixos-25.11-small 1.1.3
- nixpkgs-25.11-darwin 1.1.3

pkgs.python313Packages.pysigma-backend-splunk

Library to support Splunk for pySigma

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 1.1.3
- nixos-25.11-small 1.1.3
- nixpkgs-25.11-darwin 1.1.3

pkgs.python314Packages.pysigma-backend-splunk

Library to support Splunk for pySigma

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0

Package maintainers

@fadenb Tristan Helmich <tristan.helmich+nixos@gmail.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@levigross Levi Gross <levi@levigross.com>