Suggestions search

Untriaged

Filter by:

With package: tailspin

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-27887

created 1 month, 3 weeks ago

Spin has memory leaks in various WIT interfaces

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size (e.g. tables with many rows or large content bodies), Spin may in some cases attempt to buffer the entire response before delivering it to the guest, which can lead to the host process running out of memory, panicking, and crashing. In addition, a malicious guest application could incrementally insert a large number of rows or values into a database and then retrieve them all in a single query, leading to large host allocations. Spin 3.6.1, SpinKube 0.6.2, and `containerd-shim-spin` 0.22.1 have been patched to address the issue. As a workaround, configure Spin to only allow access to trusted databases and HTTP servers which limit response sizes.

References

https://github.com/spinframework/spin/security/advisories/GHSA-mv4f-6ffm-32wx x_refsource_CONFIRM

Affected products

spin

==< 3.6.1

SpinKube

==< 0.6.2

containerd-shim-spin

==< 0.22.1

Matching in nixpkgs

pkgs.spin

Formal verification tool for distributed software systems

nixos-unstable 6.5.2
- nixpkgs-unstable 6.5.2
- nixos-unstable-small 6.5.2
nixos-25.11 6.5.2
- nixos-25.11-small 6.5.2
- nixpkgs-25.11-darwin 6.5.2

pkgs.aspino

SAT/PseudoBoolean/MaxSat/ASP solver using glucose

nixos-unstable 0-unstable-2018-03-24
- nixpkgs-unstable 0-unstable-2018-03-24
- nixos-unstable-small 0-unstable-2018-03-24
nixos-25.11 0-unstable-2018-03-24
- nixos-25.11-small 0-unstable-2018-03-24
- nixpkgs-25.11-darwin 0-unstable-2018-03-24

pkgs.upspin

Global name space for storing data akin to a filesystem

nixos-unstable 2023-02-05
- nixpkgs-unstable 2023-02-05
- nixos-unstable-small 2023-02-05
nixos-25.11 2023-02-05
- nixos-25.11-small 2023-02-05
- nixpkgs-25.11-darwin 2023-02-05

pkgs.openspin

Compiler for SPIN/PASM languages for Parallax Propeller MCU

nixos-unstable 2018-10-02
- nixpkgs-unstable 2018-10-02
- nixos-unstable-small 2018-10-02
nixos-25.11 2018-10-02
- nixos-25.11-small 2018-10-02
- nixpkgs-25.11-darwin 2018-10-02

pkgs.tailspin

Log file highlighter

nixos-unstable 5.5.0
- nixpkgs-unstable 5.5.0
- nixos-unstable-small 5.5.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.fermyon-spin

Framework for building, deploying, and running fast, secure, and composable cloud microservices with WebAssembly

nixos-unstable 3.5.1
- nixpkgs-unstable 3.5.1
- nixos-unstable-small 3.5.1
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.haskellPackages.spine

Simple implementation of the generic spine view

nixos-unstable 0.1
- nixpkgs-unstable 0.1
- nixos-unstable-small 0.1
nixos-25.11 0.1
- nixos-25.11-small 0.1
- nixpkgs-25.11-darwin 0.1

pkgs.sbclPackages.spinneret

None

nixos-unstable 20260101-git
- nixpkgs-unstable 20260101-git
- nixos-unstable-small 20260101-git
nixos-25.11 20250622-git
- nixos-25.11-small 20250622-git
- nixpkgs-25.11-darwin 20250622-git

pkgs.haskellPackages.Spintax

Random text generation based on spintax

nixos-unstable 0.3.7.0
- nixpkgs-unstable 0.3.7.0
- nixos-unstable-small 0.3.7.0
nixos-25.11 0.3.7.0
- nixos-25.11-small 0.3.7.0
- nixpkgs-25.11-darwin 0.3.7.0

pkgs.python312Packages.yaspin

Yet Another Terminal Spinner

nixos-25.11 3.1.0
- nixos-25.11-small 3.1.0
- nixpkgs-25.11-darwin 3.1.0

pkgs.python313Packages.yaspin

Yet Another Terminal Spinner

nixos-unstable 3.4.0
- nixpkgs-unstable 3.4.0
- nixos-unstable-small 3.4.0
nixos-25.11 3.1.0
- nixos-25.11-small 3.1.0
- nixpkgs-25.11-darwin 3.1.0

pkgs.python314Packages.yaspin

Yet Another Terminal Spinner

nixos-unstable 3.4.0
- nixpkgs-unstable 3.4.0
- nixos-unstable-small 3.4.0

pkgs.python312Packages.outspin

Conveniently read single char inputs in the console

nixos-25.11 0.3.2
- nixos-25.11-small 0.3.2
- nixpkgs-25.11-darwin 0.3.2

pkgs.python313Packages.outspin

Conveniently read single char inputs in the console

nixos-unstable 0.3.2
- nixpkgs-unstable 0.3.2
- nixos-unstable-small 0.3.2
nixos-25.11 0.3.2
- nixos-25.11-small 0.3.2
- nixpkgs-25.11-darwin 0.3.2

pkgs.python314Packages.outspin

Conveniently read single char inputs in the console

nixos-unstable 0.3.2
- nixpkgs-unstable 0.3.2
- nixos-unstable-small 0.3.2

pkgs.python312Packages.pyspinel

Interface to the OpenThread Network Co-Processor (NCP)

nixos-25.11 2021-08-19
- nixos-25.11-small 2021-08-19
- nixpkgs-25.11-darwin 2021-08-19

pkgs.python312Packages.spinners

Spinners for the Terminal

nixos-25.11 0.0.24
- nixos-25.11-small 0.0.24
- nixpkgs-25.11-darwin 0.0.24

pkgs.python313Packages.pyspinel

Interface to the OpenThread Network Co-Processor (NCP)

nixos-unstable 2021-08-19
- nixpkgs-unstable 2021-08-19
- nixos-unstable-small 2021-08-19
nixos-25.11 2021-08-19
- nixos-25.11-small 2021-08-19
- nixpkgs-25.11-darwin 2021-08-19

pkgs.python313Packages.spinners

Spinners for the Terminal

nixos-unstable 0.0.24
- nixpkgs-unstable 0.0.24
- nixos-unstable-small 0.0.24
nixos-25.11 0.0.24
- nixos-25.11-small 0.0.24
- nixpkgs-25.11-darwin 0.0.24

pkgs.python314Packages.pyspinel

Interface to the OpenThread Network Co-Processor (NCP)

nixos-unstable 2021-08-19
- nixpkgs-unstable 2021-08-19
- nixos-unstable-small 2021-08-19

pkgs.python314Packages.spinners

Spinners for the Terminal

nixos-unstable 0.0.24
- nixpkgs-unstable 0.0.24
- nixos-unstable-small 0.0.24

pkgs.python313Packages.aiosendspin

Async Python library implementing the Sendspin Protocol

nixos-unstable 3.0.1
- nixpkgs-unstable 3.0.1
- nixos-unstable-small 3.0.1

pkgs.python314Packages.aiosendspin

Async Python library implementing the Sendspin Protocol

nixos-unstable 3.0.1
- nixpkgs-unstable 3.0.1
- nixos-unstable-small 3.0.1

pkgs.python312Packages.click-spinner

Add support for showwing that command line app is active to Click

nixos-25.11 0.1.10
- nixos-25.11-small 0.1.10
- nixpkgs-25.11-darwin 0.1.10

pkgs.python313Packages.click-spinner

Add support for showwing that command line app is active to Click

nixos-unstable 0.1.10
- nixpkgs-unstable 0.1.10
- nixos-unstable-small 0.1.10
nixos-25.11 0.1.10
- nixos-25.11-small 0.1.10
- nixpkgs-25.11-darwin 0.1.10

pkgs.python314Packages.click-spinner

Add support for showwing that command line app is active to Click

nixos-unstable 0.1.10
- nixpkgs-unstable 0.1.10
- nixos-unstable-small 0.1.10

Package maintainers

@MGlolenstine MGlolenstine <mglolenstine@gmail.com>
@redvers Redvers Davies <red@infect.me>
@Sigmanificient Yohann Boniface <sigmanificient@gmail.com>
@urbas Matej Urbas <matej.urbas@gmail.com>
@samuela Samuel Ainsworth <skainsworth@gmail.com>
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
@hraban Hraban Luyat <hraban@0brg.net>
@lukego Luke Gorrie <luke@snabb.co>
@nagy Daniel Nagy <danielnagy@posteo.de>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
@pSub Pascal Wittmann <mail@pascal-wittmann.de>
@dit7ya Mostly Void <7rat13@gmail.com>
@orthros orthros
@emilylange Emily Lange <nix@emilylange.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>

Permalink CVE-2025-69067

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 2 months, 3 weeks ago

WordPress Tails theme <= 1.4.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tails tails allows PHP Local File Inclusion.This issue affects Tails: from n/a through <= 1.4.12.