Nixpkgs security tracker

Untriaged

Permalink CVE-2026-31863

3.6 LOW

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5.

References

https://github.com/anyproto/anytype-heart/security/advisories/GHSA-vv3h-7qwr-722v x_refsource_CONFIRM

Affected products

anytype-ts

==< 0.54.5

anytype-cli

==< 0.1.11

anytype-heart

==< 0.48.4

Matching in nixpkgs

pkgs.anytype-heart

Shared library for Anytype clients

nixos-unstable 0.48.1
- nixpkgs-unstable 0.48.1
- nixos-unstable-small 0.48.1
nixos-25.11 0.44.0-nightly.20251220.1
- nixos-25.11-small 0.44.0-nightly.20251220.1
- nixpkgs-25.11-darwin 0.44.0-nightly.20251220.1

Package maintainers

@autrimpo Michal Koutenský <michal@koutensky.net>
@adda0 David Chocholatý <chocholaty.david@protonmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.anytype-heart

Package maintainers