Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: python314Packages.vegafusion

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-4369
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 hours ago
Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

Affected products

Fusion
  • <2702.1.47

Matching in nixpkgs

pkgs.fusionInventory

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6
  • nixos-25.11 2.6
    • nixos-25.11-small 2.6
    • nixpkgs-25.11-darwin 2.6

pkgs.fusioninventory-agent

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6
  • nixos-25.11 2.6
    • nixos-25.11-small 2.6
    • nixpkgs-25.11-darwin 2.6

Package maintainers

Permalink CVE-2026-4344
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 hours ago
Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

Affected products

Fusion
  • <2702.1.47

Matching in nixpkgs

pkgs.fusionInventory

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6
  • nixos-25.11 2.6
    • nixos-25.11-small 2.6
    • nixpkgs-25.11-darwin 2.6

pkgs.fusioninventory-agent

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6
  • nixos-25.11 2.6
    • nixos-25.11-small 2.6
    • nixpkgs-25.11-darwin 2.6

Package maintainers

Permalink CVE-2026-4345
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 hours ago
Stored Cross-Site Scripting (XSS) Vulnerability in Design Name

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

Affected products

Fusion
  • <2702.1.47

Matching in nixpkgs

pkgs.fusionInventory

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6
  • nixos-25.11 2.6
    • nixos-25.11-small 2.6
    • nixpkgs-25.11-darwin 2.6

pkgs.fusioninventory-agent

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6
  • nixos-25.11 2.6
    • nixos-25.11-small 2.6
    • nixpkgs-25.11-darwin 2.6

Package maintainers

Permalink CVE-2026-22715
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
VMware Workstation/Fusion NAT vulnerability

VMWare Workstation and Fusion contain a logic flaw in the management of network packets.  Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's.  Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1

Affected products

ProductB
  • ==25H2U1
  • <25H2U1
VMware Workstation
  • ==25H2U1
  • <25H2U1

Matching in nixpkgs

pkgs.fusionInventory

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6
  • nixos-25.11 2.6
    • nixos-25.11-small 2.6
    • nixpkgs-25.11-darwin 2.6

pkgs.helio-workstation

One music sequencer for all major platforms, both desktop and mobile

  • nixos-unstable 3.17
    • nixpkgs-unstable 3.17
    • nixos-unstable-small 3.17
  • nixos-25.11 3.16
    • nixos-25.11-small 3.16
    • nixpkgs-25.11-darwin 3.16

pkgs.fusioninventory-agent

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6

Package maintainers