Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: anytype-heart

Found 2 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-31863
3.6 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 1 week ago Activity log
  • Created suggestion 1 month, 1 week ago
Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5.

Affected products

anytype-ts
  • ==< 0.54.5
anytype-cli
  • ==< 0.1.11
anytype-heart
  • ==< 0.48.4

Matching in nixpkgs

Package maintainers

Permalink CVE-2025-58928
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 months ago Activity log
  • Created suggestion 4 months ago
WordPress Heart theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Heart heart allows PHP Local File Inclusion.This issue affects Heart: from n/a through <= 1.8.

Affected products

heart
  • =<<= 1.8

Matching in nixpkgs

Package maintainers