Suggestions search

All statuses

Filter by:

With package: typstPackages.minimalistic-latex-cv_0_1_0

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-25161

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 1 week ago

Alist vulnerable to Path Traversal in multiple file operation handlers

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across user boundaries within the same storage mount. This issue has been patched in version 3.57.0.

References

https://github.com/AlistGo/alist/security/advisories/GHSA-x4q4-7phh-42j9 x_refsource_CONFIRM
https://github.com/AlistGo/alist/commit/b188288525b9a35c76535139311e7c036dab057e x_refsource_MISC
https://github.com/AlistGo/alist/security/advisories/GHSA-x4q4-7phh-42j9 x_refsource_CONFIRM
https://github.com/AlistGo/alist/commit/b188288525b9a35c76535139311e7c036dab057e x_refsource_MISC

Affected products

alist

==< 3.57.0

Matching in nixpkgs

pkgs.alist

File list/WebDAV program that supports multiple storages

nixos-unstable -
- nixpkgs-unstable 3.55.0
nixos-25.11 3.45.0

pkgs.alistral

Power tools for Listenbrainz

nixos-unstable -
- nixpkgs-unstable 0.6.5
nixos-25.11 0.6.0

pkgs.ultralist

Simple GTD-style todo list for the command line

nixos-unstable -
- nixpkgs-unstable 1.7.0
nixos-25.11 1.7.0

pkgs.journalist

RSS aggregator

nixos-unstable -
- nixpkgs-unstable 1.0.1
nixos-25.11 1.0.1

pkgs.surrealist

Surrealist is the ultimate way to visually manage your SurrealDB database

nixos-unstable -
- nixpkgs-unstable 3.6.1
nixos-25.11 3.6.1

pkgs.alisthelper

Designed to simplify the use of the desktop version of alist

nixos-unstable -
- nixpkgs-unstable 0.2.0-unstable-2025-08-05
nixos-25.11 0.2.0-unstable-2025-08-05

pkgs.haskellPackages.alist

lists with O(1) append

nixos-unstable -
- nixpkgs-unstable 0.1.2.7
nixos-25.11 0.1.2.7

pkgs.akkuPackages.pfds-alist

Convenience functions for working with association lists

nixos-unstable -
- nixpkgs-unstable 1.0.0
nixos-25.11 1.0.0

pkgs.akkuPackages.slib-alist

Some functions for working with association lists

nixos-unstable -
- nixpkgs-unstable 3.1.5
nixos-25.11 3.1.5

pkgs.ue4demos.realistic_rendering

Unreal Engine 4 Linux demos

nixos-unstable -
- nixpkgs-unstable
nixos-25.11 -

pkgs.haskellPackages.html-minimalist

Minimalist haskell html library

nixos-unstable -
- nixpkgs-unstable 0.15
nixos-25.11 0.15

pkgs.chickenPackages_5.chickenEggs.alist-lib

SRFI-69-like library for alists

nixos-unstable -
- nixpkgs-unstable 0.3.0
nixos-25.11 0.3.0

pkgs.typstPackages.minimalistic-latex-cv_0_1_0

A minimalistic LaTeX-style CV template for professionals

nixos-unstable -
- nixpkgs-unstable 0.1.0
nixos-25.11 0.1.0

pkgs.typstPackages.minimalistic-latex-cv_0_1_1

A minimalistic LaTeX-style CV template for professionals

nixos-unstable -
- nixpkgs-unstable 0.1.1
nixos-25.11 0.1.1

Package maintainers

@Moraxyc Moraxyc Xu <i@qaq.li>
@emaryn emaryn
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@MDM23 Peter Frank
@cherrypiejam Gongqi Huang
@uvNikita Nikita Uvarov <uv.nikita@gmail.com>

Untriaged

Permalink CVE-2026-25160

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 2 months, 1 week ago

Alist has Insecure TLS Config

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This enables the complete decryption, theft, and manipulation of all data transmitted during storage operations, severely compromising the confidentiality and integrity of user data. This issue has been patched in version 3.57.0.