Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: bruno

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-34841

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 week, 4 days ago

Axios npm Supply Chain Incident Impacting @usebruno/cli

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran npm install between 00:21 UTC and ~03:30 UTC on March 31, 2026 may have been impacted. Upgrade to 3.2.1

References

https://github.com/usebruno/bruno/security/advisories/GHSA-658g-p7jg-wx5g x_refsource_CONFIRM
https://github.com/axios/axios/issues/10604 x_refsource_MISC
https://github.com/usebruno/bruno/pull/7632 x_refsource_MISC
https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat x_refsource_MISC

Affected products

bruno

==< 3.2.1

Matching in nixpkgs

pkgs.bruno

Open-source IDE For exploring and testing APIs

nixos-unstable 3.2.0
- nixpkgs-unstable 3.2.0
- nixos-unstable-small 3.2.0
nixos-25.11 2.14.2
- nixos-25.11-small 2.14.2
- nixpkgs-25.11-darwin 2.14.2

pkgs.bruno-cli

CLI of the open-source IDE For exploring and testing APIs

nixos-unstable 3.2.0
- nixpkgs-unstable 3.2.0
- nixos-unstable-small 3.2.0
nixos-25.11 2.14.2
- nixos-25.11-small 2.14.2
- nixpkgs-25.11-darwin 2.14.2

Package maintainers

@mattpolzin Matt Polzin <matt.polzin@gmail.com>
@water-sucks Varun Narravula <varun@snare.dev>
@kashw2 Keanu Ashwell <supra4keanu@hotmail.com>
@redyf Mateus Alves <mateusalvespereira7@gmail.com>
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>
@lucasew Lucas Eduardo Wendt <lucas59356@gmail.com>

1