| Release | Version |
|---|---|
| bullseye | 1.6-2.1 |
| bullseye (security) | 1.6-2.1+deb11u1 |
| bookworm | 1.6-2.1+deb12u1 |
| trixie | 1.7.1-6+deb13u1 |
| forky | 1.8.1-4 |
| sid | 1.8.1-5 |

| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-40164 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6 ... |
| CVE-2026-39979 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | jq is a command-line JSON processor. In commits before 2f09060afab23fe ... |
| CVE-2026-39956 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | jq is a command-line JSON processor. In commits after 69785bf77f86e2ea ... |
| CVE-2026-33948 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18e ... |
| CVE-2026-33947 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | jq is a command-line JSON processor. In versions 1.8.1 and below, func ... |
| CVE-2026-32316 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | jq is a command-line JSON processor. An integer overflow vulnerability ... |

| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-9403 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | A vulnerability was determined in jqlang jq up to 1.6. Impacted is the ... |
| CVE-2024-23337 | vulnerable | vulnerable | fixed | fixed | fixed | jq is a command-line JSON processor. In versions up to and including 1 ... |

| Bug | Description |
|---|---|
| CVE-2025-49014 | jq is a command-line JSON processor. In version 1.8.0 a heap use after ... |
| CVE-2025-48060 | jq is a command-line JSON processor. In versions up to and including 1 ... |
| CVE-2024-53427 | decNumberCopy in decNumber.c in jq through 1.7.1 does not properly con ... |
| CVE-2023-50268 | jq is a command-line JSON processor. Version 1.7 is vulnerable to stac ... |
| CVE-2023-50246 | jq is a command-line JSON processor. Version 1.7 is vulnerable to heap ... |
| CVE-2023-49355 | decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out- ... |
| CVE-2016-4074 | The jv_dump_term function in jq 1.5 allows remote attackers to cause a ... |
| CVE-2015-8863 | Off-by-one error in the tokenadd function in jv_parse.c in jq allows r ... |

| DSA / DLA | Description |
|---|---|
| DLA-4307-1 | jq - security update |