Information on source package modsecurity

Available versions

ReleaseVersion
bullseye3.0.4-2
bookworm3.0.9-1+deb12u1
trixie3.0.14-1
forky3.0.14-1
sid3.0.15-1

Open issues

BugbullseyebookwormtrixieforkysidDescription
CVE-2026-42268vulnerablevulnerablevulnerablevulnerablefixedUnsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators
CVE-2026-30923vulnerablevulnerablevulnerablevulnerablefixedModSecurity is an open source, cross platform web application firewall ...
CVE-2024-1019vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypa ...
CVE-2023-38285vulnerable (no DSA, ignored)fixedfixedfixedfixedTrustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Co ...
CVE-2022-48279vulnerable (no DSA)fixedfixedfixedfixedIn ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ...
CVE-2021-42717vulnerable (no DSA)fixedfixedfixedfixedModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...

Resolved issues

BugDescription
CVE-2025-27110Libmodsecurity is one component of the ModSecurity v3 project. The lib ...
CVE-2023-28882Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial ...
CVE-2020-15598Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a ...
CVE-2019-25043ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as dem ...
CVE-2019-19886Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send c ...

Security announcements

DSA / DLADescription
DSA-4765-1modsecurity - security update
Search for package or bug name: Reporting problems