Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: python312Packages.energyflip-client

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-33879
created 3 weeks, 1 day ago
FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and credential-stuffing attacks. FLIP users are external to the organization, increasing credential reuse risk. As of time of publication, it is unclear if a patch is available.

Affected products

FLIP
  • ==<= 0.1.1

Matching in nixpkgs

pkgs.flip

Tool for visualizing and communicating the errors in rendered images

  • nixos-unstable 1.2
    • nixpkgs-unstable 1.2
    • nixos-unstable-small 1.2
  • nixos-25.11 1.2
    • nixos-25.11-small 1.2
    • nixpkgs-25.11-darwin 1.2

pkgs.flips

Patcher for IPS and BPS files

  • nixos-unstable 198
    • nixpkgs-unstable 198
    • nixos-unstable-small 198
  • nixos-25.11 198
    • nixos-25.11-small 198
    • nixpkgs-25.11-darwin 198

pkgs.qFlipper

Cross-platform desktop tool to manage your flipper device

pkgs.flip-link

Adds zero-cost stack overflow protection to your embedded programs

Package maintainers