| Release | Version |
|---|---|
| buster | 1.9-4 |
| bullseye | 1.18-1 |
| sid | 1.23.1+dfsg-1 |
| Bug | buster | bullseye | sid | Description |
|---|---|---|---|---|
| CVE-2022-2589 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ... |
| CVE-2022-2523 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ... |
| CVE-2022-2514 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | The time and filter parameters in Fava prior to v1.22 are vulnerable t ... |