Vulnerable source packages among backports for stable

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerable binary packages present in the archive.


PackageBugUrgencyRemote
calibreCVE-2026-25635not yet assignedno
CVE-2026-25636not yet assignedno
CVE-2026-25731not yet assignedno
CVE-2026-26064not yet assignedno
CVE-2026-26065not yet assignedno
CVE-2026-27810not yet assignedno
CVE-2026-27824not yet assignedno
CVE-2026-30853not yet assignedno
CVE-2026-33205not yet assignedno
CVE-2026-33206not yet assignedno
ckermitCVE-2025-68920not yet assignedno
claws-mailCVE-2019-10735lowno
curlCVE-2026-4873not yet assigned?
CVE-2026-5545not yet assigned?
CVE-2026-5773not yet assigned?
CVE-2026-6253not yet assigned?
CVE-2026-6276not yet assigned?
CVE-2026-6429not yet assigned?
CVE-2026-7168not yet assigned?
devscriptsCVE-2025-8454not yet assignedno
exim4CVE-2026-45185not yet assignedno
fort-validatorCVE-2024-56169not yet assignedno
CVE-2024-56170not yet assignedno
freerdp3CVE-2026-40254not yet assignedno
libmojolicious-perlCVE-2024-58134not yet assignedno
CVE-2024-58135not yet assignedno
linuxCVE-2013-7445not yet assignedno
CVE-2018-12928lowno
CVE-2019-15213not yet assignedno
CVE-2019-16089not yet assignedno
CVE-2019-19449not yet assignedno
CVE-2019-19814not yet assignedno
CVE-2019-20794not yet assignedno
CVE-2020-14304not yet assignedno
CVE-2020-36694not yet assignedno
CVE-2021-3847not yet assignedno
CVE-2021-3864not yet assignedno
CVE-2023-3397not yet assignedno
CVE-2023-4010not yet assignedno
CVE-2023-6238not yet assignedno
CVE-2023-6240not yet assignedno
CVE-2023-31082not yet assignedno
CVE-2023-37454not yet assignedno
CVE-2024-2193not yet assignedno
CVE-2024-21803not yet assignedno
CVE-2024-24864not yet assignedno
CVE-2024-56709not yet assignedno
mesaCVE-2026-40393not yet assignedno
nvidia-graphics-drivers (non-free-firmware)CVE-2025-23279not yet assignedno
CVE-2025-23280not yet assignedno
CVE-2025-23282not yet assignedno
CVE-2025-23286not yet assignedno
CVE-2025-23300not yet assignedno
CVE-2025-23330not yet assignedno
CVE-2025-23332not yet assignedno
CVE-2025-23345not yet assignedno
CVE-2025-33219not yet assignedno
nvidia-open-gpu-kernel-modules (contrib)CVE-2025-23279not yet assignedno
CVE-2025-23280not yet assignedno
CVE-2025-23282not yet assignedno
CVE-2025-23286not yet assignedno
CVE-2025-23300not yet assignedno
CVE-2025-23330not yet assignedno
CVE-2025-23332not yet assignedno
CVE-2025-23345not yet assignedno
CVE-2025-33219not yet assignedno
opensshCVE-2026-35385not yet assignedno
CVE-2026-35386not yet assignedno
CVE-2026-35387not yet assignedno
CVE-2026-35388not yet assignedno
CVE-2026-35414not yet assignedno
pyasn1CVE-2026-30922not yet assignedno
streamlinkCVE-2026-44353not yet assigned?
swupdateCVE-2026-2966not yet assignedno
CVE-2026-2967not yet assignedno
CVE-2026-2968not yet assignedno
CVE-2026-5244not yet assignedno
CVE-2026-5245not yet assignedno
CVE-2026-5246not yet assignedno
CVE-2026-6985not yet assignedno
CVE-2026-6986not yet assignedno
CVE-2026-28525not yet assignedno
tinyproxyCVE-2026-3945not yet assignedno
CVE-2026-31842not yet assignedno
zabbixCVE-2026-23924not yet assignedno
znuny (non-free)CVE-2025-52204not yet assignedno
CVE-2025-59490not yet assigned?

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.

Search for package or bug name: Reporting problems