Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: tests.fetchPypiLegacy.fetchSimple

Found 3 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-6024
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 days, 23 hours ago
Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Affected products

i6
  • ==1.0.0.7(2204)

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-34743
created 1 week, 4 days ago
XZ Utils: Buffer overflow in lzma_index_append()

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.

Affected products

xz
  • ==< 5.8.3

Matching in nixpkgs

pkgs.xz

General-purpose data compression software, successor of LZMA

pkgs.pixz

Parallel compressor/decompressor for xz format

pkgs.xzgv

Picture viewer for X with a thumbnail-based selector

pkgs.xzoom

X11 screen zoom tool

  • nixos-unstable 0.3
    • nixpkgs-unstable 0.3
    • nixos-unstable-small 0.3
  • nixos-25.11 0.3
    • nixos-25.11-small 0.3
    • nixpkgs-25.11-darwin 0.3

Package maintainers

Permalink CVE-2026-24825
created 2 months, 2 weeks ago
a memory leak in ydb-platform/ydb with use of yajl_tree_parse function from src/yail module, which will cause out-of-memory in server and cause crash.

Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C. This issue affects ydb: through 24.4.4.2.

Affected products

ydb
  • =<24.4.4.2

Matching in nixpkgs

pkgs.keydb

Multithreaded Fork of Redis

pkgs.pgcopydb

Copy a Postgres database to a target Postgres server (pg_dump | pg_restore on steroids

  • nixos-unstable 0.17
    • nixpkgs-unstable 0.17
    • nixos-unstable-small 0.17
  • nixos-25.11 0.17
    • nixpkgs-25.11-darwin 0.17