Nixpkgs security tracker

Untriaged

Permalink CVE-2026-30955

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

Gokapi vulnerable to DoS in E2E Metadata Parser

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.

References

https://github.com/Forceu/Gokapi/security/advisories/GHSA-qwc6-vc2v-2ggj x_refsource_CONFIRM
https://github.com/Forceu/Gokapi/releases/tag/v2.2.4 x_refsource_MISC

Affected products

Gokapi

==< 2.2.4

Matching in nixpkgs

pkgs.gokapi

Lightweight selfhosted Firefox Send alternative without public upload

nixos-unstable 2.2.3
- nixpkgs-unstable 2.2.3
- nixos-unstable-small 2.2.4
nixos-25.11 2.1.0
- nixos-25.11-small 2.1.0
- nixpkgs-25.11-darwin 2.1.0

Package maintainers

@delliottxyz Darragh Elliott <me+git@delliott.xyz>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.gokapi

Package maintainers