| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|
| CVE-2026-28525 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | SWUpdate contains an integer underflow vulnerability in the multipart ... |
| CVE-2026-6986 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A security vulnerability has been detected in Cesanta Mongoose up to 7 ... |
| CVE-2026-6985 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A weakness has been identified in Cesanta Mongoose up to 7.20. This vu ... |
| CVE-2026-5246 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affecte ... |
| CVE-2026-5245 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts ... |
| CVE-2026-5244 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A vulnerability has been found in Cesanta Mongoose up to 7.20. This af ... |
| CVE-2026-2968 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A vulnerability was detected in Cesanta Mongoose up to 7.20. This impa ... |
| CVE-2026-2967 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A security vulnerability has been detected in Cesanta Mongoose up to 7 ... |
| CVE-2026-2966 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A weakness has been identified in Cesanta Mongoose up to 7.20. The imp ... |
| CVE-2025-65502 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Null pointer dereference in add_ca_certs() in Cesanta Mongoose before ... |
| CVE-2025-51495 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | An integer overflow vulnerability exists in the WebSocket component of ... |
| CVE-2023-34188 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | fixed | The HTTP server in Mongoose before 7.10 accepts requests containing ne ... |
| CVE-2023-2905 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | fixed | Due to a failure in validating the length of a provided MQTT_CMD_PUBLI ... |
| CVE-2021-26530 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compile ... |
| CVE-2021-26529 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7- ... |
| CVE-2021-26528 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is ... |
| CVE-2020-25887 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when r ... |
| CVE-2020-25756 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | A buffer overflow vulnerability exists in the mg_get_http_header funct ... |
| CVE-2019-19307 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6. ... |
| CVE-2019-13503 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ... |
| CVE-2019-12951 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | An issue was discovered in Mongoose before 6.15. The parse_mqtt() func ... |