Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: roundcubePlugins.persistent_login

Found 3 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-25957
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months ago
Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.

Affected products

cube
  • ==>= 1.5.0, < 1.5.13
  • ==>= 1.1.17, < 1.4.2

Matching in nixpkgs

pkgs.pascube

Simple OpenGL spinning cube written in Pascal

  • nixos-unstable -
    • nixpkgs-unstable 1.5.1
    • nixos-unstable-small 1.5.1
  • nixos-25.11 1.5.1
    • nixpkgs-25.11-darwin 1.5.1

pkgs.musikcube

Terminal-based music player, library, and streaming audio server

pkgs.classicube

Lightweight, custom Minecraft Classic/ClassiCube client with optional additions written from scratch in C

pkgs.stm32cubemx

Graphical tool for configuring STM32 microcontrollers and microprocessors

pkgs.spacenav-cube-example

Example application to test the spacenavd driver

  • nixos-unstable 1.2
    • nixpkgs-unstable 1.2
    • nixos-unstable-small 1.2
  • nixos-25.11 1.2
    • nixpkgs-25.11-darwin 1.2

Package maintainers

Untriaged
Permalink CVE-2026-25958
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months ago
Cube privilege escalation via a specially crafted request

Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14.

Affected products

cube
  • ==>= 0.27.19, < 1.0.14
  • ==>= 1.1.0, < 1.4.2
  • ==>= 1.5.0, < 1.5.13

Matching in nixpkgs

pkgs.pascube

Simple OpenGL spinning cube written in Pascal

  • nixos-unstable -
    • nixpkgs-unstable 1.5.1
    • nixos-unstable-small 1.5.1
  • nixos-25.11 1.5.1
    • nixpkgs-25.11-darwin 1.5.1

pkgs.musikcube

Terminal-based music player, library, and streaming audio server

pkgs.classicube

Lightweight, custom Minecraft Classic/ClassiCube client with optional additions written from scratch in C

pkgs.stm32cubemx

Graphical tool for configuring STM32 microcontrollers and microprocessors

pkgs.spacenav-cube-example

Example application to test the spacenavd driver

  • nixos-unstable 1.2
    • nixpkgs-unstable 1.2
    • nixos-unstable-small 1.2
  • nixos-25.11 1.2
    • nixpkgs-25.11-darwin 1.2

Package maintainers

Untriaged
Permalink CVE-2018-25156
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
Teradek Cube 7.3.6 Cross-Site Request Forgery Password Change

Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface.

Affected products

Cube
  • ==7.3.15
  • ==7.3.6

Matching in nixpkgs

pkgs.pascube

Simple OpenGL spinning cube written in Pascal

pkgs.musikcube

Terminal-based music player, library, and streaming audio server

pkgs.classicube

Lightweight, custom Minecraft Classic/ClassiCube client with optional additions written from scratch in C

pkgs.stm32cubemx

Graphical tool for configuring STM32 microcontrollers and microprocessors

pkgs.spacenav-cube-example

Example application to test the spacenavd driver

  • nixos-unstable 1.2
    • nixpkgs-unstable 1.2
    • nixos-unstable-small 1.2
  • nixos-25.11 1.2
    • nixpkgs-25.11-darwin 1.2

Package maintainers