Nixpkgs security tracker

Untriaged

Permalink CVE-2026-40161

7.7 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 day, 4 hours ago Activity log

Created suggestion 1 day, 4 hours ago

Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint.

References

https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff x_refsource_CONFIRM
https://github.com/tektoncd/pipeline/issues/9608 x_refsource_MISC
https://github.com/tektoncd/pipeline/issues/9609 x_refsource_MISC

Affected products

pipeline

==>= 1.0.0, <= 1.10.0

Matching in nixpkgs

pkgs.pipeline

Watch YouTube and PeerTube videos in one place

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.1.1
- nixos-25.11-small 3.1.1
- nixpkgs-25.11-darwin 3.1.1

pkgs.libpipeline

C library for manipulating pipelines of subprocesses in a flexible and convenient way

nixos-unstable 1.5.8
- nixpkgs-unstable 1.5.8
- nixos-unstable-small 1.5.8
nixos-25.11 1.5.8
- nixos-25.11-small 1.5.8
- nixpkgs-25.11-darwin 1.5.8

pkgs.haskellPackages.pipeline

Continuation patterns

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.rubyPackages.html-pipeline

None

nixos-unstable 2.14.3
- nixpkgs-unstable 2.14.3
- nixos-unstable-small 2.14.3
nixos-25.11 2.14.3
- nixos-25.11-small 2.14.3
- nixpkgs-25.11-darwin 2.14.3

pkgs.woodpecker-pipeline-transform

Utility to convert different pipelines to Woodpecker CI pipelines

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.rubyPackages_3_3.html-pipeline

None

nixos-unstable 2.14.3
- nixpkgs-unstable 2.14.3
- nixos-unstable-small 2.14.3
nixos-25.11 2.14.3
- nixos-25.11-small 2.14.3
- nixpkgs-25.11-darwin 2.14.3

pkgs.rubyPackages_3_4.html-pipeline

None

nixos-unstable 2.14.3
- nixpkgs-unstable 2.14.3
- nixos-unstable-small 2.14.3
nixos-25.11 2.14.3
- nixos-25.11-small 2.14.3
- nixpkgs-25.11-darwin 2.14.3

pkgs.rubyPackages_4_0.html-pipeline

None

nixos-unstable 2.14.3
- nixpkgs-unstable 2.14.3
- nixos-unstable-small 2.14.3
nixos-25.11 2.14.3
- nixos-25.11-small 2.14.3
- nixpkgs-25.11-darwin 2.14.3

pkgs.python312Packages.pyannote-pipeline

Tunable pipelines

nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.pyannote-pipeline

Tunable pipelines

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.pyannote-pipeline

Tunable pipelines

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.haskellPackages.amazonka-codepipeline

Amazon CodePipeline SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.haskellPackages.amazonka-datapipeline

Amazon Data Pipeline SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.prometheus-gitlab-ci-pipelines-exporter

Prometheus / OpenMetrics exporter for GitLab CI pipelines insights

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.11 0.5.10
- nixos-25.11-small 0.5.10
- nixpkgs-25.11-darwin 0.5.10

pkgs.python312Packages.mypy-boto3-codepipeline

Type annotations for boto3 codepipeline

nixos-25.11 boto3-codepipeline-1.41.0
- nixos-25.11-small boto3-codepipeline-1.41.0
- nixpkgs-25.11-darwin boto3-codepipeline-1.41.0

pkgs.python312Packages.mypy-boto3-datapipeline

Type annotations for boto3 datapipeline

nixos-25.11 boto3-datapipeline-1.41.0
- nixos-25.11-small boto3-datapipeline-1.41.0
- nixpkgs-25.11-darwin boto3-datapipeline-1.41.0

pkgs.python312Packages.pysigma-pipeline-sysmon

Library to support Sysmon pipeline for pySigma

nixos-25.11 1.0.4
- nixos-25.11-small 1.0.4
- nixpkgs-25.11-darwin 1.0.4

pkgs.python313Packages.mypy-boto3-codepipeline

Type annotations for boto3 codepipeline

nixos-unstable boto3-codepipeline-1.42.3
- nixpkgs-unstable boto3-codepipeline-1.42.3
- nixos-unstable-small boto3-codepipeline-1.42.3
nixos-25.11 boto3-codepipeline-1.41.0
- nixos-25.11-small boto3-codepipeline-1.41.0
- nixpkgs-25.11-darwin boto3-codepipeline-1.41.0

pkgs.python313Packages.mypy-boto3-datapipeline

Type annotations for boto3 datapipeline

nixos-unstable boto3-datapipeline-1.42.3
- nixpkgs-unstable boto3-datapipeline-1.42.3
- nixos-unstable-small boto3-datapipeline-1.42.3
nixos-25.11 boto3-datapipeline-1.41.0
- nixos-25.11-small boto3-datapipeline-1.41.0
- nixpkgs-25.11-darwin boto3-datapipeline-1.41.0

pkgs.python313Packages.pysigma-pipeline-sysmon

Library to support Sysmon pipeline for pySigma

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 1.0.4
- nixos-25.11-small 1.0.4
- nixpkgs-25.11-darwin 1.0.4

pkgs.python314Packages.mypy-boto3-codepipeline

Type annotations for boto3 codepipeline

nixos-unstable boto3-codepipeline-1.42.3
- nixpkgs-unstable boto3-codepipeline-1.42.3
- nixos-unstable-small boto3-codepipeline-1.42.3

pkgs.python314Packages.mypy-boto3-datapipeline

Type annotations for boto3 datapipeline

nixos-unstable boto3-datapipeline-1.42.3
- nixpkgs-unstable boto3-datapipeline-1.42.3
- nixos-unstable-small boto3-datapipeline-1.42.3

pkgs.python314Packages.pysigma-pipeline-sysmon

Library to support Sysmon pipeline for pySigma

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0

pkgs.pkgsRocm.python3Packages.pyannote-pipeline

Tunable pipelines

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python312Packages.pysigma-pipeline-windows

Library to support Windows service pipeline for pySigma

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.python313Packages.pysigma-pipeline-windows

Library to support Windows service pipeline for pySigma

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.python314Packages.pysigma-pipeline-windows

Library to support Windows service pipeline for pySigma

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0

pkgs.azure-cli-extensions.monitor-pipeline-group

Microsoft Azure Command-Line Tools MonitorPipelineGroup Extension

nixos-unstable 1.0.0b2
- nixpkgs-unstable 1.0.0b2
- nixos-unstable-small 1.0.0b2
nixos-25.11 1.0.0b2
- nixos-25.11-small 1.0.0b2
- nixpkgs-25.11-darwin 1.0.0b2