Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: dive

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-23523

9.7 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 3 months ago

Dive allows One-click Remote Code Execution through Deep Links for MCP Install

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0.

References

https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-pjj5-f3wm-f9m8 x_refsource_CONFIRM
https://github.com/OpenAgentPlatform/Dive/commit/a5162ac9eff366d8ea1215b8a47139a81a55a779 x_refsource_MISC

Affected products

Dive

==< 0.13.0

Matching in nixpkgs

pkgs.dive

Tool for exploring each layer in a docker image

nixos-unstable 0.13.1
- nixpkgs-unstable 0.13.1
- nixos-unstable-small 0.13.1
nixos-25.11 0.13.1
- nixpkgs-25.11-darwin 0.13.1

pkgs.git-dive

Dive into a file's history to find root cause

nixos-unstable 0.1.6
- nixpkgs-unstable 0.1.6
- nixos-unstable-small 0.1.6
nixos-25.11 0.1.6
- nixpkgs-25.11-darwin 0.1.6

pkgs.libdivecomputer

Cross-platform and open source library for communication with dive computers from various manufacturers

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.haskellPackages.diversity

Quantify the diversity of a population

nixos-unstable 0.8.1.0
- nixpkgs-unstable 0.8.1.0
- nixos-unstable-small 0.8.1.0
nixos-25.11 0.8.1.0
- nixpkgs-25.11-darwin 0.8.1.0

pkgs.haskellPackages.data-diverse

Extensible records and polymorphic variants

nixos-unstable 4.7.1.0
- nixpkgs-unstable 4.7.1.0
- nixos-unstable-small 4.7.1.0
nixos-25.11 4.7.1.0
- nixpkgs-25.11-darwin 4.7.1.0

pkgs.typstPackages.diverential_0_2_0

Format differentials conveniently

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.gnomeExtensions.the-indie-beat-fediverse-radio

Stream The Indie Beat Radio - independent music from artists in the Fediverse.

nixos-unstable 8
- nixpkgs-unstable 8
- nixos-unstable-small 8
nixos-25.11 9
- nixpkgs-25.11-darwin 9

Package maintainers

@ryan4yin Ryan Yin <xiaoyin_c@qq.com>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@figsoda figsoda <figsoda@pm.me>
@honnip Jung seungwoo <me@honnip.page>
@mguentner Maximilian Güntner <code@mguentner.de>
@cherrypiejam Gongqi Huang

1