| Release | Version |
|---|---|
| bullseye | 1.6-2.1 |
| bookworm | 1.6-2.1 |
| trixie | 1.7.1-6 |
| sid | 1.8.0-1 |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2025-49014 | fixed | fixed | vulnerable | vulnerable | jq is a command-line JSON processor. In version 1.8.0 a heap use after ... |
| CVE-2025-48060 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable | fixed | jq is a command-line JSON processor. In versions up to and including 1 ... |
| CVE-2024-53427 | fixed | vulnerable (no DSA) | fixed | fixed | decNumberCopy in decNumber.c in jq through 1.7.1 does not properly con ... |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2024-23337 | vulnerable | vulnerable | fixed | fixed | jq is a command-line JSON processor. In versions up to and including 1 ... |
| Bug | Description |
|---|---|
| CVE-2023-50268 | jq is a command-line JSON processor. Version 1.7 is vulnerable to stac ... |
| CVE-2023-50246 | jq is a command-line JSON processor. Version 1.7 is vulnerable to heap ... |
| CVE-2023-49355 | decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out- ... |
| CVE-2016-4074 | The jv_dump_term function in jq 1.5 allows remote attackers to cause a ... |
| CVE-2015-8863 | Off-by-one error in the tokenadd function in jv_parse.c in jq allows r ... |