Nixpkgs security tracker

Untriaged

Permalink CVE-2026-31877

created 1 month ago

Frappe SQL Injection due to improper field sanitization

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0.

References

https://github.com/frappe/frappe/security/advisories/GHSA-2c4m-999q-xhx4 x_refsource_CONFIRM

Affected products

frappe

==>= 15.0.0, < 15.84.0
==< 14.99.0

Matching in nixpkgs

pkgs.nixos-artwork.wallpapers.catppuccin-frappe

Catppuccin Frappé colorscheme wallpaper for NixOS

nixos-unstable 2024-02-15
- nixpkgs-unstable 2024-02-15
- nixos-unstable-small 2024-02-15
nixos-25.11 2024-02-15
- nixos-25.11-small 2024-02-15
- nixpkgs-25.11-darwin 2024-02-15

pkgs.nixos-artwork.wallpapers.nineish-catppuccin-frappe

Catppuccin Frappe wallpaper for Nix inspired by simpler times

nixos-unstable 2025-01-27
- nixpkgs-unstable 2025-01-27
- nixos-unstable-small 2025-01-27
nixos-25.11 2025-01-27
- nixos-25.11-small 2025-01-27
- nixpkgs-25.11-darwin 2025-01-27

pkgs.nixos-artwork.wallpapers.nineish-catppuccin-frappe-alt

Alternative Catppuccin Frappe wallpaper for Nix inspired by simpler times