Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: python313Packages.llama-index-llms-ollama

Found 6 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-39415
created 6 days, 16 hours ago
Frappe Learning Management System has Client-Side Manipulation of Quiz Scores

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated scores, which can be altered using browser developer tools prior to sending the submission request. While this does not allow modification of other users’ data or privilege escalation, it compromises the integrity of quiz results and undermines academic reliability. This issue affects data integrity but does not expose confidential information or allow unauthorized access to other accounts. This vulnerability is fixed in 2.46.0.

Affected products

lms
  • ==< 2.46.0

Matching in nixpkgs

pkgs.lms

Lightweight Music Server - Access your self-hosted music using a web interface

pkgs.helmsman

Helm Charts (k8s applications) as Code tool

pkgs.lmstudio

LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs)

Package maintainers

Untriaged
Permalink CVE-2026-5530
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 week, 1 day ago
Ollama Model Pull API download.go server-side request forgery

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Ollama
  • ==18.0
  • ==18.1

Matching in nixpkgs

pkgs.ollama-cuda

Get up and running with large language models locally, using CUDA for NVIDIA GPU acceleration

pkgs.ollama-rocm

Get up and running with large language models locally, using ROCm for AMD GPU acceleration

pkgs.ollama-vulkan

Get up and running with large language models locally, using Vulkan for generic GPU acceleration

pkgs.gnomeExtensions.ollama-indicator

An indicator that let you run models with Ollama.

  • nixos-unstable 8
    • nixpkgs-unstable 8
    • nixos-unstable-small 8
  • nixos-25.11 8
    • nixos-25.11-small 8
    • nixpkgs-25.11-darwin 8

Package maintainers

Untriaged
Permalink CVE-2026-34606
created 1 week, 5 days ago
Stored XSS in Frappe LMS

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.

Affected products

lms
  • ==>= 2.27.0, < 2.48.0

Matching in nixpkgs

pkgs.lms

Lightweight Music Server - Access your self-hosted music using a web interface

pkgs.helmsman

Helm Charts (k8s applications) as Code tool

pkgs.lmstudio

LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs)

Package maintainers

Untriaged
Permalink CVE-2026-26977
created 1 month, 3 weeks ago
Frappe Learning Management System exposes details of unpublished courses to unauthorized users

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release.

Affected products

lms
  • ==<= 2.44.0

Matching in nixpkgs

pkgs.lms

Lightweight Music Server - Access your self-hosted music using a web interface

pkgs.helmsman

Helm Charts (k8s applications) as Code tool

pkgs.lmstudio

LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs)

Package maintainers

Untriaged
Permalink CVE-2026-26031
created 2 months ago
Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches. This vulnerability is fixed in 2.44.0.

Affected products

lms
  • ==< 2.44.0

Matching in nixpkgs

pkgs.lms

Lightweight Music Server - Access your self-hosted music using a web interface

pkgs.helmsman

Helm Charts (k8s applications) as Code tool

pkgs.lmstudio

LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs)

Package maintainers

Untriaged
Permalink CVE-2026-1106
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 months, 3 weeks ago
Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

LMS
  • ==2.0.0 Beta 1

Matching in nixpkgs

pkgs.lms

Lightweight Music Server - Access your self-hosted music using a web interface

pkgs.helmsman

Helm Charts (k8s applications) as Code tool

pkgs.lmstudio

LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs)

Package maintainers