Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-39339

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 1 week ago

ChurchCRM has an API Authentication Bypass

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (ChurchCRM/Slim/Middleware/AuthMiddleware.php) allows unauthenticated attackers to access all protected API endpoints by including "api/public" anywhere in the request URL, leading to complete exposure of church member data and system information. This vulnerability is fixed in 7.1.0.

References

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-v3p2-mx78-pxhc x_refsource_CONFIRM
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-v3p2-mx78-pxhc exploit

Affected products

CRM

==< 7.1.0

Matching in nixpkgs

pkgs.ocrmypdf

Adds an OCR text layer to scanned PDF files, allowing them to be searched

nixos-unstable 17.4.0
- nixpkgs-unstable 17.4.0
- nixos-unstable-small 17.4.1
nixos-25.11 16.12.0
- nixos-25.11-small 16.12.0
- nixpkgs-25.11-darwin 16.12.0

pkgs.python312Packages.ocrmypdf

Adds an OCR text layer to scanned PDF files, allowing them to be searched

nixos-25.11 16.12.0
- nixos-25.11-small 16.12.0
- nixpkgs-25.11-darwin 16.12.0

pkgs.python313Packages.ocrmypdf

Adds an OCR text layer to scanned PDF files, allowing them to be searched

nixos-unstable 17.4.0
- nixpkgs-unstable 17.4.0
- nixos-unstable-small 17.4.1
nixos-25.11 16.12.0
- nixos-25.11-small 16.12.0
- nixpkgs-25.11-darwin 16.12.0

pkgs.python314Packages.ocrmypdf

Adds an OCR text layer to scanned PDF files, allowing them to be searched

nixos-unstable 17.4.0
- nixpkgs-unstable 17.4.0
- nixos-unstable-small 17.4.1

pkgs.python313Packages.ocrmypdf_16

Adds an OCR text layer to scanned PDF files, allowing them to be searched

nixos-unstable 16.13.0
- nixpkgs-unstable 16.13.0
- nixos-unstable-small 16.13.0

pkgs.python314Packages.ocrmypdf_16

Adds an OCR text layer to scanned PDF files, allowing them to be searched

nixos-unstable 16.13.0
- nixpkgs-unstable 16.13.0
- nixos-unstable-small 16.13.0

pkgs.wordpressPackages.plugins.civicrm

None

nixos-unstable 6.2.0
- nixpkgs-unstable 6.2.0
- nixos-unstable-small 6.2.0
nixos-25.11 6.2.0
- nixos-25.11-small 6.2.0
- nixpkgs-25.11-darwin 6.2.0

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>