Information on source package jq

Available versions

ReleaseVersion
bullseye1.6-2.1
bullseye (security)1.6-2.1+deb11u3
bookworm1.6-2.1+deb12u1
bookworm (security)1.6-2.1+deb12u2
trixie1.7.1-6+deb13u2
forky1.8.1-8
sid1.8.2-1

Open issues

BugbullseyebookwormtrixieforkysidDescription
CVE-2026-54679fixedfixedvulnerablevulnerablefixedjq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, ...
CVE-2026-49839fixedfixedvulnerablefixedfixedjq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfile` ca ...
CVE-2026-47770fixedfixedvulnerablefixedfixedjq is a command-line JSON processor. Prior to 1.8.2, comparing two suf ...
CVE-2026-44777fixedfixedvulnerable (no DSA)fixedfixedjq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordi ...
CVE-2026-43896fixedfixedvulnerable (no DSA)fixedfixedjq is a command-line JSON processor. In 1.8.1 and earlier, unbounded r ...
CVE-2026-43895fixedfixedvulnerablefixedfixedjq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts ...
CVE-2026-43894fixedfixedvulnerablefixedfixedjq is a command-line JSON processor. In 1.8.1 and earlier, when decNum ...
CVE-2026-41257fixedfixedvulnerable (no DSA)fixedfixedjq is a command-line JSON processor. In 1.8.1 and earlier, the jq byte ...
CVE-2026-41256fixedfixedvulnerable (no DSA)fixedfixedjq is a command-line JSON processor. In 1.8.1 and earlier, Top-level j ...

Open unimportant issues

BugbullseyebookwormtrixieforkysidDescription
CVE-2026-40612vulnerablevulnerablevulnerablefixedfixedjq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains ...
CVE-2025-9403vulnerablevulnerablevulnerablevulnerablevulnerableA vulnerability was determined in jqlang jq up to 1.6. Impacted is the ...
CVE-2024-23337vulnerablevulnerablefixedfixedfixedjq is a command-line JSON processor. In versions up to and including 1 ...

Resolved issues

BugDescription
CVE-2026-40164jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6 ...
CVE-2026-39979jq is a command-line JSON processor. In commits before 2f09060afab23fe ...
CVE-2026-39956jq is a command-line JSON processor. In commits after 69785bf77f86e2ea ...
CVE-2026-33948jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18e ...
CVE-2026-33947jq is a command-line JSON processor. In versions 1.8.1 and below, func ...
CVE-2026-32316jq is a command-line JSON processor. An integer overflow vulnerability ...
CVE-2025-49014jq is a command-line JSON processor. In version 1.8.0 a heap use after ...
CVE-2025-48060jq is a command-line JSON processor. In versions up to and including 1 ...
CVE-2024-53427decNumberCopy in decNumber.c in jq through 1.7.1 does not properly con ...
CVE-2023-50268jq is a command-line JSON processor. Version 1.7 is vulnerable to stac ...
CVE-2023-50246jq is a command-line JSON processor. Version 1.7 is vulnerable to heap ...
CVE-2023-49355decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out- ...
CVE-2016-4074The jv_dump_term function in jq 1.5 allows remote attackers to cause a ...
CVE-2015-8863Off-by-one error in the tokenadd function in jv_parse.c in jq allows r ...

Security announcements

DSA / DLADescription
DLA-4662-1jq - security update
DLA-4661-1jq - security update
DLA-4599-1jq - security update
DLA-4307-1jq - security update

Search for package or bug name: Reporting problems