Vulnerable source packages among backports for stable

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerable binary packages present in the archive.


PackageBugUrgencyRemote
calibreCVE-2026-25635not yet assignedno
CVE-2026-25636not yet assignedno
CVE-2026-25731not yet assignedno
CVE-2026-26064not yet assignedno
CVE-2026-26065not yet assignedno
CVE-2026-27810not yet assignedno
CVE-2026-27824not yet assignedno
CVE-2026-30853not yet assignedno
CVE-2026-33205not yet assignedno
CVE-2026-33206not yet assignedno
ckermitCVE-2025-68920not yet assignedno
claws-mailCVE-2019-10735lowno
curlCVE-2026-4873not yet assignedno
CVE-2026-5545not yet assignedno
CVE-2026-5773not yet assignedno
CVE-2026-6253not yet assignedno
CVE-2026-6276not yet assignedno
CVE-2026-6429not yet assignedno
CVE-2026-7168not yet assignedno
devscriptsCVE-2025-8454not yet assignedno
fort-validatorCVE-2024-56169not yet assignedno
CVE-2024-56170not yet assignedno
freerdp3CVE-2026-40254not yet assignedno
libmojolicious-perlCVE-2024-58134not yet assignedno
CVE-2024-58135not yet assignedno
libyangCVE-2026-44673not yet assignedno
linuxCVE-2013-7445not yet assignedno
CVE-2018-12928lowno
CVE-2019-15213not yet assignedno
CVE-2019-16089not yet assignedno
CVE-2019-19449not yet assignedno
CVE-2019-19814not yet assignedno
CVE-2019-20794not yet assignedno
CVE-2020-14304not yet assignedno
CVE-2020-36694not yet assignedno
CVE-2021-3847not yet assignedno
CVE-2021-3864not yet assignedno
CVE-2023-3397not yet assignedno
CVE-2023-4010not yet assignedno
CVE-2023-6238not yet assignedno
CVE-2023-6240not yet assignedno
CVE-2023-31082not yet assignedno
CVE-2023-37454not yet assignedno
CVE-2024-2193not yet assignedno
CVE-2024-21803not yet assignedno
CVE-2024-24864not yet assignedno
CVE-2024-56709not yet assignedno
CVE-2026-46300not yet assigned?
mesaCVE-2026-40393not yet assignedno
nvidia-graphics-drivers (non-free-firmware)CVE-2025-23279not yet assignedno
CVE-2025-23280not yet assignedno
CVE-2025-23282not yet assignedno
CVE-2025-23286not yet assignedno
CVE-2025-23300not yet assignedno
CVE-2025-23330not yet assignedno
CVE-2025-23332not yet assignedno
CVE-2025-23345not yet assignedno
CVE-2025-33219not yet assignedno
nvidia-open-gpu-kernel-modules (contrib)CVE-2025-23279not yet assignedno
CVE-2025-23280not yet assignedno
CVE-2025-23282not yet assignedno
CVE-2025-23286not yet assignedno
CVE-2025-23300not yet assignedno
CVE-2025-23330not yet assignedno
CVE-2025-23332not yet assignedno
CVE-2025-23345not yet assignedno
CVE-2025-33219not yet assignedno
pyasn1CVE-2026-30922not yet assignedno
streamlinkCVE-2026-44353not yet assigned?
tinyproxyCVE-2026-3945not yet assignedno
CVE-2026-31842not yet assignedno
zabbixCVE-2026-23924not yet assignedno
CVE-2026-23926not yet assignedno
CVE-2026-23927not yet assignedno
CVE-2026-23928not yet assignedno
znuny (non-free)CVE-2025-52204not yet assignedno
CVE-2025-59490not yet assigned?

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.

Search for package or bug name: Reporting problems