Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-39410

4.8 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 6 days, 18 hours ago

Hono has a non-breaking space prefix bypass in cookie name handling in getCookie()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse() handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse(), allowing attacker-controlled cookies to override legitimate ones. This vulnerability is fixed in 4.12.12.

References

https://github.com/honojs/hono/security/advisories/GHSA-r5rp-j6wh-rvv4 x_refsource_CONFIRM
https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0 x_refsource_MISC
https://github.com/honojs/hono/releases/tag/v4.12.12 x_refsource_MISC

Affected products

hono

==< 4.12.12

Matching in nixpkgs

pkgs.libsForQt5.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1
nixos-25.11 4.11.1
- nixos-25.11-small 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.kdePackages.phonon

Multi-platform sound framework for application developers

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0
nixos-25.11 4.12.0
- nixos-25.11-small 4.12.0
- nixpkgs-25.11-darwin 4.12.0

pkgs.kdePackages.phonon-vlc

VLC backend for the Phonon multimedia library

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0
nixos-25.11 0.12.0
- nixos-25.11-small 0.12.0
- nixpkgs-25.11-darwin 0.12.0

pkgs.plasma5Packages.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1
nixos-25.11 4.11.1
- nixos-25.11-small 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.typstPackages.phonokit

A toolkit to create phonological representations

nixos-unstable 0.5.4
- nixpkgs-unstable 0.5.4
- nixos-unstable-small 0.5.4

pkgs.python312Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-25.11 2.43.2
- nixos-25.11-small 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.python313Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.43.2
- nixos-25.11-small 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.python314Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1

pkgs.typstPackages.phonokit_0_0_1

Phonology toolkit: IPA transcription (tipa-style), prosodic structures, vowel/consonant charts with language inventories

nixos-unstable 0.0.1
- nixpkgs-unstable 0.0.1
- nixos-unstable-small 0.0.1

pkgs.typstPackages.phonokit_0_2_0

Create phonological representations

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.typstPackages.phonokit_0_3_0

A toolkit to create phonological representations

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0

pkgs.typstPackages.phonokit_0_3_5

A toolkit to create phonological representations

nixos-unstable 0.3.5
- nixpkgs-unstable 0.3.5
- nixos-unstable-small 0.3.5

pkgs.typstPackages.phonokit_0_3_6

A toolkit to create phonological representations

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6

pkgs.typstPackages.phonokit_0_3_7

A toolkit to create phonological representations

nixos-unstable 0.3.7
- nixpkgs-unstable 0.3.7
- nixos-unstable-small 0.3.7

pkgs.typstPackages.phonokit_0_4_0

A toolkit to create phonological representations

nixos-unstable 0.4.0
- nixpkgs-unstable 0.4.0
- nixos-unstable-small 0.4.0

pkgs.typstPackages.phonokit_0_4_1

A toolkit to create phonological representations

nixos-unstable 0.4.1
- nixpkgs-unstable 0.4.1
- nixos-unstable-small 0.4.1

pkgs.typstPackages.phonokit_0_4_5

A toolkit to create phonological representations

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5

pkgs.typstPackages.phonokit_0_4_6

A toolkit to create phonological representations

nixos-unstable 0.4.6
- nixpkgs-unstable 0.4.6
- nixos-unstable-small 0.4.6

pkgs.typstPackages.phonokit_0_5_0

A toolkit to create phonological representations

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0

pkgs.typstPackages.phonokit_0_5_1

A toolkit to create phonological representations

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1

pkgs.typstPackages.phonokit_0_5_2

A toolkit to create phonological representations

nixos-unstable 0.5.2
- nixpkgs-unstable 0.5.2
- nixos-unstable-small 0.5.2

pkgs.typstPackages.phonokit_0_5_3

A toolkit to create phonological representations

nixos-unstable 0.5.3
- nixpkgs-unstable 0.5.3
- nixos-unstable-small 0.5.3

pkgs.typstPackages.phonokit_0_5_4

A toolkit to create phonological representations

nixos-unstable 0.5.4
- nixpkgs-unstable 0.5.4
- nixos-unstable-small 0.5.4

pkgs.libsForQt5.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.11.3
- nixos-25.11-small 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.python312Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-25.11 7.8.1.1
- nixos-25.11-small 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.python313Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
nixos-25.11 7.8.1.1
- nixos-25.11-small 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.python314Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31

pkgs.plasma5Packages.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.11.3
- nixos-25.11-small 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.libsForQt5.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.10.0
- nixos-25.11-small 4.10.0
- nixpkgs-25.11-darwin 4.10.0

pkgs.plasma5Packages.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.10.0
- nixos-25.11-small 4.10.0
- nixpkgs-25.11-darwin 4.10.0

Package maintainers

@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@K900 Ilya K. <me@0upti.me>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@PsyanticY Psyanticy <iuns@outlook.fr>
@CHN-beta Haonan Chen <chn@chn.moe>
@cherrypiejam Gongqi Huang
@RossSmyth Ross Smyth