Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-39407

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 days, 16 hours ago

Hono has a middleware bypass via repeated slashes in serveStatic

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes (//) in the request path. When route-based middleware (e.g., /admin/*) is used for authorization, the router may not match paths containing repeated slashes, while serveStatic resolves them as normalized paths. This can lead to a middleware bypass. This vulnerability is fixed in 4.12.12.

References

https://github.com/honojs/hono/security/advisories/GHSA-wmmm-f939-6g9c x_refsource_CONFIRM
https://github.com/honojs/hono/commit/9aff14bd727f8b0435c963363fd803260e7b8e3c x_refsource_MISC
https://github.com/honojs/hono/releases/tag/v4.12.12 x_refsource_MISC

Affected products

hono

==< 4.12.12

Matching in nixpkgs

pkgs.libsForQt5.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1
nixos-25.11 4.11.1
- nixos-25.11-small 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.kdePackages.phonon

Multi-platform sound framework for application developers

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0
nixos-25.11 4.12.0
- nixos-25.11-small 4.12.0
- nixpkgs-25.11-darwin 4.12.0

pkgs.kdePackages.phonon-vlc

VLC backend for the Phonon multimedia library

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0
nixos-25.11 0.12.0
- nixos-25.11-small 0.12.0
- nixpkgs-25.11-darwin 0.12.0

pkgs.plasma5Packages.phonon

Multimedia API for Qt

nixos-unstable 4.11.1
- nixpkgs-unstable 4.11.1
- nixos-unstable-small 4.11.1
nixos-25.11 4.11.1
- nixos-25.11-small 4.11.1
- nixpkgs-25.11-darwin 4.11.1

pkgs.typstPackages.phonokit

A toolkit to create phonological representations

nixos-unstable 0.5.4
- nixpkgs-unstable 0.5.4
- nixos-unstable-small 0.5.4

pkgs.python312Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-25.11 2.43.2
- nixos-25.11-small 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.python313Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.43.2
- nixos-25.11-small 2.43.2
- nixpkgs-25.11-darwin 2.43.2

pkgs.python314Packages.phonopy

Modulefor phonon calculations at harmonic and quasi-harmonic levels

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1

pkgs.typstPackages.phonokit_0_0_1

Phonology toolkit: IPA transcription (tipa-style), prosodic structures, vowel/consonant charts with language inventories

nixos-unstable 0.0.1
- nixpkgs-unstable 0.0.1
- nixos-unstable-small 0.0.1

pkgs.typstPackages.phonokit_0_2_0

Create phonological representations

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.typstPackages.phonokit_0_3_0

A toolkit to create phonological representations

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0

pkgs.typstPackages.phonokit_0_3_5

A toolkit to create phonological representations

nixos-unstable 0.3.5
- nixpkgs-unstable 0.3.5
- nixos-unstable-small 0.3.5

pkgs.typstPackages.phonokit_0_3_6

A toolkit to create phonological representations

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6

pkgs.typstPackages.phonokit_0_3_7

A toolkit to create phonological representations

nixos-unstable 0.3.7
- nixpkgs-unstable 0.3.7
- nixos-unstable-small 0.3.7

pkgs.typstPackages.phonokit_0_4_0

A toolkit to create phonological representations

nixos-unstable 0.4.0
- nixpkgs-unstable 0.4.0
- nixos-unstable-small 0.4.0

pkgs.typstPackages.phonokit_0_4_1

A toolkit to create phonological representations

nixos-unstable 0.4.1
- nixpkgs-unstable 0.4.1
- nixos-unstable-small 0.4.1

pkgs.typstPackages.phonokit_0_4_5

A toolkit to create phonological representations

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5

pkgs.typstPackages.phonokit_0_4_6

A toolkit to create phonological representations

nixos-unstable 0.4.6
- nixpkgs-unstable 0.4.6
- nixos-unstable-small 0.4.6

pkgs.typstPackages.phonokit_0_5_0

A toolkit to create phonological representations

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0

pkgs.typstPackages.phonokit_0_5_1

A toolkit to create phonological representations

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1

pkgs.typstPackages.phonokit_0_5_2

A toolkit to create phonological representations

nixos-unstable 0.5.2
- nixpkgs-unstable 0.5.2
- nixos-unstable-small 0.5.2

pkgs.typstPackages.phonokit_0_5_3

A toolkit to create phonological representations

nixos-unstable 0.5.3
- nixpkgs-unstable 0.5.3
- nixos-unstable-small 0.5.3

pkgs.typstPackages.phonokit_0_5_4

A toolkit to create phonological representations

nixos-unstable 0.5.4
- nixpkgs-unstable 0.5.4
- nixos-unstable-small 0.5.4

pkgs.libsForQt5.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.11.3
- nixos-25.11-small 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.python312Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-25.11 7.8.1.1
- nixos-25.11-small 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.python313Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
nixos-25.11 7.8.1.1
- nixos-25.11-small 7.8.1.1
- nixpkgs-25.11-darwin 7.8.1.1

pkgs.python314Packages.pythonocc-core

Python wrapper for the OpenCASCADE 3D modeling kernel

nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31

pkgs.plasma5Packages.phonon-backend-vlc

GStreamer backend for Phonon

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.11.3
- nixos-25.11-small 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.libsForQt5.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.10.0
- nixos-25.11-small 4.10.0
- nixpkgs-25.11-darwin 4.10.0

pkgs.plasma5Packages.phonon-backend-gstreamer

GStreamer backend for Phonon

nixos-unstable 4.10.0
- nixpkgs-unstable 4.10.0
- nixos-unstable-small 4.10.0
nixos-25.11 4.10.0
- nixos-25.11-small 4.10.0
- nixpkgs-25.11-darwin 4.10.0

Package maintainers

@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@K900 Ilya K. <me@0upti.me>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@PsyanticY Psyanticy <iuns@outlook.fr>
@CHN-beta Haonan Chen <chn@chn.moe>
@cherrypiejam Gongqi Huang
@RossSmyth Ross Smyth