| Release | Version |
|---|---|
| bullseye | 3.38.2-1+deb11u3 |
| bookworm | 43.1-1 |
| trixie | 48.3-2 |
| forky | 49.1-1 |
| sid | 49.1-1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-3839 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | Require user interaction before opening URL in external application |
| CVE-2023-26081 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can tr ... |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| TEMP-0560108-565B70 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | browser-based css info disclosure |
| CVE-2014-3566 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ... |
| CVE-2007-1084 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ... |
| Bug | Description |
|---|---|
| CVE-2022-29536 | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document c ... |
| CVE-2021-45088 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ... |
| CVE-2021-45087 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ... |
| CVE-2021-45086 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ... |
| CVE-2021-45085 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ... |
| CVE-2019-25085 | A vulnerability was found in GNOME gvdb. It has been classified as cri ... |
| CVE-2018-12016 | libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows rem ... |
| CVE-2018-11396 | ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3 ... |
| CVE-2017-1000025 | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 befo ... |
| CVE-2010-3312 | Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditiona ... |
| CVE-2008-5985 | Untrusted search path vulnerability in the Python interface in Epiphan ... |
| CVE-2005-0238 | The International Domain Name (IDN) support in Epiphany allows remote ... |
| DSA / DLA | Description |
|---|---|
| DLA-3423-1 | epiphany-browser - security update |
| DLA-3074-1 | epiphany-browser - security update |
| DSA-5208-1 | epiphany-browser - security update |
| DSA-5042-1 | epiphany-browser - security update |