Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-34606

created 1 week, 5 days ago

Stored XSS in Frappe LMS

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.

References

https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2 x_refsource_CONFIRM
https://github.com/frappe/lms/pull/2185 x_refsource_MISC
https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921 x_refsource_MISC
https://github.com/frappe/lms/releases/tag/v2.48.0 x_refsource_MISC

Affected products

lms

==>= 2.27.0, < 2.48.0

Matching in nixpkgs

pkgs.lms

Lightweight Music Server - Access your self-hosted music using a web interface

nixos-unstable 3.74.0
- nixpkgs-unstable 3.74.0
- nixos-unstable-small 3.74.0
nixos-25.11 3.72.1
- nixos-25.11-small 3.72.1
- nixpkgs-25.11-darwin 3.72.1

pkgs.flmsg

Digital modem message program

nixos-unstable 4.0.23
- nixpkgs-unstable 4.0.23
- nixos-unstable-small 4.0.23
nixos-25.11 4.0.23
- nixos-25.11-small 4.0.23
- nixpkgs-25.11-darwin 4.0.23

pkgs.helmsman

Helm Charts (k8s applications) as Code tool

nixos-unstable 4.0.5
- nixpkgs-unstable 4.0.5
- nixos-unstable-small 4.0.5
nixos-25.11 4.0.1
- nixos-25.11-small 4.0.1
- nixpkgs-25.11-darwin 4.0.1

pkgs.lmstudio

LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs)

nixos-unstable 0.4.8-1
- nixpkgs-unstable 0.4.8-1
- nixos-unstable-small 0.4.8-1
nixos-25.11 0.4.1-1
- nixos-25.11-small 0.4.1-1
- nixpkgs-25.11-darwin 0.4.1-1

pkgs.python312Packages.calmsize

Take a number of bytes and return a human-readable string

nixos-25.11 0.1.3
- nixos-25.11-small 0.1.3
- nixpkgs-25.11-darwin 0.1.3

pkgs.python313Packages.calmsize

Take a number of bytes and return a human-readable string

nixos-unstable 0.1.3
- nixpkgs-unstable 0.1.3
- nixos-unstable-small 0.1.3
nixos-25.11 0.1.3
- nixos-25.11-small 0.1.3
- nixpkgs-25.11-darwin 0.1.3

pkgs.python313Packages.lmstudio

LM Studio Python SDK

nixos-unstable 1.6.0b1
- nixpkgs-unstable 1.6.0b1
- nixos-unstable-small 1.6.0b1

pkgs.python314Packages.calmsize

Take a number of bytes and return a human-readable string

nixos-unstable 0.1.3
- nixpkgs-unstable 0.1.3
- nixos-unstable-small 0.1.3

pkgs.python314Packages.lmstudio

LM Studio Python SDK

nixos-unstable 1.6.0b1
- nixpkgs-unstable 1.6.0b1
- nixos-unstable-small 1.6.0b1

pkgs.python312Packages.dlms-cosem

Python module to parse DLMS/COSEM

nixos-25.11 25.1.0
- nixos-25.11-small 25.1.0
- nixpkgs-25.11-darwin 25.1.0

pkgs.python313Packages.dlms-cosem

Python module to parse DLMS/COSEM

nixos-unstable 25.1.0
- nixpkgs-unstable 25.1.0
- nixos-unstable-small 25.1.0
nixos-25.11 25.1.0
- nixos-25.11-small 25.1.0
- nixpkgs-25.11-darwin 25.1.0

pkgs.python314Packages.dlms-cosem

Python module to parse DLMS/COSEM

nixos-unstable 25.1.0
- nixpkgs-unstable 25.1.0
- nixos-unstable-small 25.1.0

pkgs.python313Packages.llm-lmstudio

Plugin to use local models via LM Studio API with https://llm.datasette.io

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1

pkgs.python314Packages.llm-lmstudio

Plugin to use local models via LM Studio API with https://llm.datasette.io

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1

pkgs.python312Packages.llama-index-llms-ollama

LlamaIndex LLMS Integration for ollama

nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python312Packages.llama-index-llms-openai

LlamaIndex LLMS Integration for OpenAI

nixos-25.11 0.6.9
- nixos-25.11-small 0.6.9
- nixpkgs-25.11-darwin 0.6.9

pkgs.python313Packages.llama-index-llms-ollama

LlamaIndex LLMS Integration for ollama

nixos-unstable 0.10.0
- nixpkgs-unstable 0.10.0
- nixos-unstable-small 0.10.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python313Packages.llama-index-llms-openai

LlamaIndex LLMS Integration for OpenAI

nixos-unstable 0.7.2
- nixpkgs-unstable 0.7.2
- nixos-unstable-small 0.7.2
nixos-25.11 0.6.9
- nixos-25.11-small 0.6.9
- nixpkgs-25.11-darwin 0.6.9

pkgs.python312Packages.llama-index-llms-openai-like

LlamaIndex LLMS Integration for OpenAI like

nixos-25.11 0.5.3
- nixos-25.11-small 0.5.3
- nixpkgs-25.11-darwin 0.5.3

pkgs.python313Packages.llama-index-llms-openai-like

LlamaIndex LLMS Integration for OpenAI like

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.11 0.5.3
- nixos-25.11-small 0.5.3
- nixpkgs-25.11-darwin 0.5.3

pkgs.pkgsRocm.python3Packages.llama-index-llms-ollama

LlamaIndex LLMS Integration for ollama

nixos-unstable 0.10.0
- nixpkgs-unstable 0.10.0
- nixos-unstable-small 0.10.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.pkgsRocm.python3Packages.llama-index-llms-openai

LlamaIndex LLMS Integration for OpenAI

nixos-unstable 0.7.2
- nixpkgs-unstable 0.7.2
- nixos-unstable-small 0.7.2
nixos-25.11 0.6.9
- nixos-25.11-small 0.6.9
- nixpkgs-25.11-darwin 0.6.9

pkgs.pkgsRocm.python3Packages.llama-index-llms-openai-like

LlamaIndex LLMS Integration for OpenAI like

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.11 0.5.3
- nixos-25.11-small 0.5.3
- nixpkgs-25.11-darwin 0.5.3

Package maintainers

@dysinger Tim Dysinger <tim@dysinger.net>
@sarcasticadmin Robert James Hernandez <rob@sarcasticadmin.com>
@Lynty Lynn Dong <ltdong93+nix@gmail.com>
@mksafavi MK Safavi <mksafavi@gmail.com>
@crertel Chris Ertel <chris@kedagital.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@jherland Johan Herland <johan@herland.net>
@dwt Martin Häcker <spamfaenger@gmx.de>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>