Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: haskellPackages.ghc-typelits-knownnat

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-26273

created 2 months ago

Known affected by Account Takeover via Password Reset Token Leakage

Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover (ATO) without requiring access to the victim's email inbox. This vulnerability is fixed in 1.6.3.

References

https://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28r x_refsource_CONFIRM
https://github.com/idno/known/commit/8439a0747471559fb1ea9f074b929d390f27e66a x_refsource_MISC
https://github.com/idno/known/releases/tag/1.6.3 x_refsource_MISC
https://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28r x_refsource_CONFIRM
https://github.com/idno/known/commit/8439a0747471559fb1ea9f074b929d390f27e66a x_refsource_MISC
https://github.com/idno/known/releases/tag/1.6.3 x_refsource_MISC

Affected products

known

==< 1.6.3

Matching in nixpkgs

pkgs.nim

Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)

nixos-unstable -
- nixpkgs-unstable 2.2.4
- nixos-unstable-small 2.2.4
nixos-25.11 2.2.4
- nixos-25.11-small 2.2.4
- nixpkgs-25.11-darwin 2.2.4

pkgs.nnd

Debugger for Linux

nixos-unstable x86_64-unknown-linux-musl-0.38
- nixpkgs-unstable x86_64-unknown-linux-musl-0.69
- nixos-unstable-small x86_64-unknown-linux-musl-0.69
nixos-25.11 x86_64-unknown-linux-musl-0.59
- nixos-25.11-small x86_64-unknown-linux-musl-0.59
- nixpkgs-25.11-darwin x86_64-unknown-linux-musl-0.59

pkgs.nim1

Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)

nixos-unstable 1.6.20
- nixpkgs-unstable 1.6.20
- nixos-unstable-small 1.6.20
nixos-25.11 1.6.20
- nixos-25.11-small 1.6.20
- nixpkgs-25.11-darwin 1.6.20

pkgs.nim2

Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)

nixos-unstable 2.2.4
- nixpkgs-unstable 2.2.4
- nixos-unstable-small 2.2.4
nixos-25.11 2.2.4
- nixos-25.11-small 2.2.4
- nixpkgs-25.11-darwin 2.2.4

pkgs.nim-1_0

Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)

nixos-unstable -
- nixpkgs-unstable 1.6.20
- nixos-unstable-small 1.6.20
nixos-25.11 1.6.20
- nixos-25.11-small 1.6.20
- nixpkgs-25.11-darwin 1.6.20

pkgs.nim-2_0

Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)

nixos-unstable 2.0.16
- nixpkgs-unstable 2.0.16
- nixos-unstable-small 2.0.16
nixos-25.11 2.0.16
- nixos-25.11-small 2.0.16
- nixpkgs-25.11-darwin 2.0.16

pkgs.nim-2_2

Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)

nixos-unstable -
- nixpkgs-unstable 2.2.4
- nixos-unstable-small 2.2.4
nixos-25.11 2.2.4
- nixos-25.11-small 2.2.4
- nixpkgs-25.11-darwin 2.2.4

pkgs.lixStatic

Powerful package manager that makes package management reliable and reproducible

nixos-unstable x86_64-unknown-linux-musl-2.91.3
- nixpkgs-unstable x86_64-unknown-linux-musl-2.94.0
- nixos-unstable-small x86_64-unknown-linux-musl-2.94.0
nixos-25.11 x86_64-unknown-linux-musl-2.93.3
- nixos-25.11-small x86_64-unknown-linux-musl-2.93.3
- nixpkgs-25.11-darwin x86_64-unknown-linux-musl-2.93.3

pkgs.nixStatic

Powerful package manager that makes package management reliable and reproducible

nixos-unstable x86_64-unknown-linux-musl-2.28.4
- nixpkgs-unstable x86_64-unknown-linux-musl-2.31.3
- nixos-unstable-small x86_64-unknown-linux-musl-2.31.3
nixos-25.11 x86_64-unknown-linux-musl-2.31.2
- nixos-25.11-small x86_64-unknown-linux-musl-2.31.2
- nixpkgs-25.11-darwin x86_64-unknown-linux-musl-2.31.2

pkgs.haskellPackages.ssh-known-hosts

Read and interpret the SSH known-hosts file

nixos-unstable 0.2.0.0
- nixpkgs-unstable 0.2.0.0
- nixos-unstable-small 0.2.0.0
nixos-25.11 0.2.0.0
- nixos-25.11-small 0.2.0.0
- nixpkgs-25.11-darwin 0.2.0.0

pkgs.haskellPackages.ghc-typelits-knownnat

Derive KnownNat constraints from other KnownNat constraints

nixos-unstable 0.7.13
- nixpkgs-unstable 0.7.13
- nixos-unstable-small 0.7.13
nixos-25.11 0.7.13
- nixos-25.11-small 0.7.13
- nixpkgs-25.11-darwin 0.7.13

Package maintainers

@RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz>
@lf- Jade Lovelace
@Qyriad Qyriad <qyriad@qyriad.me>
@9999years Rebecca Turner <rbt@fastmail.com>
@alois31 Alois Wohlschlager <alois1@gmx-topmail.de>
@Eveeifyeve Eveeifyeve <eveeg1971@gmail.com>
@ehmry Emery Hemingway <ehmry@posteo.net>
@Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
@edolstra Eelco Dolstra <edolstra+nixpkgs@gmail.com>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@roberth Robert Hensing <nixpkgs@roberthensing.nl>
@Artturin Artturi N <artturin@artturin.com>
@tomberek Thomas Bereknyei <tomberek@gmail.com>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@Sinjin2300 Sinjin
@eclairevoyant éclairevoyant
@daylinmorgan Daylin Morgan <daylinmorgan@gmail.com>

1