Vulnerable source packages among backports for stable

Note that the list below is based on source packages. This means that packages are not listed here once a new, fixed source version has been uploaded to the archive, even if there are still some vulnerable binary packages present in the archive.

Package	Bug	Urgency	Remote
caddy	CVE-2026-45135	not yet assigned	no
	CVE-2026-45692	not yet assigned	no
	CVE-2026-52844	not yet assigned	no
	CVE-2026-52845	not yet assigned	no
	CVE-2026-52846	not yet assigned	no
calibre	CVE-2026-25635	not yet assigned	no
	CVE-2026-25636	not yet assigned	no
	CVE-2026-25731	not yet assigned	no
	CVE-2026-26064	not yet assigned	no
	CVE-2026-26065	not yet assigned	no
	CVE-2026-27810	not yet assigned	no
	CVE-2026-27824	not yet assigned	no
	CVE-2026-30853	not yet assigned	no
	CVE-2026-33205	not yet assigned	no
	CVE-2026-33206	not yet assigned	no
ckermit	CVE-2025-68920	not yet assigned	no
claws-mail	CVE-2019-10735	low	no
cpp-httplib	CVE-2026-45352	not yet assigned	no
	CVE-2026-45372	not yet assigned	no
	CVE-2026-46527	not yet assigned	no
curl	CVE-2026-8286	not yet assigned	?
	CVE-2026-8458	not yet assigned	?
	CVE-2026-8924	not yet assigned	?
	CVE-2026-8925	not yet assigned	?
	CVE-2026-8926	not yet assigned	?
	CVE-2026-8927	not yet assigned	?
	CVE-2026-8932	not yet assigned	?
	CVE-2026-9079	not yet assigned	?
	CVE-2026-9080	not yet assigned	?
	CVE-2026-9545	not yet assigned	?
	CVE-2026-9546	not yet assigned	?
	CVE-2026-9547	not yet assigned	?
	CVE-2026-10536	not yet assigned	?
	CVE-2026-11352	not yet assigned	?
	CVE-2026-11564	not yet assigned	?
	CVE-2026-11586	not yet assigned	?
	CVE-2026-11856	not yet assigned	?
	CVE-2026-12064	not yet assigned	?
devscripts	CVE-2025-8454	not yet assigned	no
dhcpcd	CVE-2026-56113	not yet assigned	no
	CVE-2026-56114	not yet assigned	no
	CVE-2026-56116	not yet assigned	no
	CVE-2026-56117	not yet assigned	no
fort-validator	CVE-2024-56169	not yet assigned	no
	CVE-2024-56170	not yet assigned	no
gobgp	CVE-2026-49837	not yet assigned	?
golang-github-lucas-clemente-quic-go	CVE-2026-40898	not yet assigned	no
golang-golang-x-net	CVE-2026-25680	not yet assigned	no
	CVE-2026-25681	not yet assigned	no
	CVE-2026-27136	not yet assigned	no
	CVE-2026-39821	not yet assigned	no
	CVE-2026-42502	not yet assigned	no
	CVE-2026-42506	not yet assigned	no
incus	CVE-2026-48749	not yet assigned	?
	CVE-2026-48750	not yet assigned	?
	CVE-2026-48751	not yet assigned	?
	CVE-2026-48752	not yet assigned	?
	CVE-2026-48755	not yet assigned	?
	CVE-2026-48769	not yet assigned	?
	CVE-2026-55621	not yet assigned	?
	CVE-2026-55622	not yet assigned	?
lemonldap-ng	CVE-2026-12804	not yet assigned	no
libmojolicious-perl	CVE-2024-58134	not yet assigned	no
	CVE-2024-58135	not yet assigned	no
libyang	CVE-2026-41401	not yet assigned	no
	CVE-2026-44673	not yet assigned	no
linux	CVE-2013-7445	not yet assigned	no
	CVE-2018-12928	low	no
	CVE-2019-15213	not yet assigned	no
	CVE-2019-16089	not yet assigned	no
	CVE-2019-19449	not yet assigned	no
	CVE-2019-19814	not yet assigned	no
	CVE-2019-20794	not yet assigned	no
	CVE-2020-14304	not yet assigned	no
	CVE-2020-36694	not yet assigned	no
	CVE-2021-3847	not yet assigned	no
	CVE-2021-3864	not yet assigned	no
	CVE-2023-3397	not yet assigned	no
	CVE-2023-4010	not yet assigned	no
	CVE-2023-6238	not yet assigned	no
	CVE-2023-6240	not yet assigned	no
	CVE-2023-31082	not yet assigned	no
	CVE-2023-37454	not yet assigned	no
	CVE-2024-2193	not yet assigned	no
	CVE-2024-21803	not yet assigned	no
	CVE-2024-24864	not yet assigned	no
	CVE-2024-56709	not yet assigned	no
	CVE-2026-46092	not yet assigned	no
	CVE-2026-46331	not yet assigned	no
	CVE-2026-52908	not yet assigned	no
	CVE-2026-52909	not yet assigned	no
	CVE-2026-52917	not yet assigned	no
	CVE-2026-52924	not yet assigned	no
	CVE-2026-52929	not yet assigned	no
	CVE-2026-52930	not yet assigned	no
	CVE-2026-52935	not yet assigned	no
	CVE-2026-52938	not yet assigned	no
	CVE-2026-52939	not yet assigned	no
	CVE-2026-52940	not yet assigned	no
	CVE-2026-52942	not yet assigned	no
	CVE-2026-52946	not yet assigned	no
	CVE-2026-52947	not yet assigned	no
	CVE-2026-52948	not yet assigned	no
	CVE-2026-53131	not yet assigned	no
	CVE-2026-53132	not yet assigned	no
	CVE-2026-53133	not yet assigned	no
	CVE-2026-53134	not yet assigned	no
	CVE-2026-53135	not yet assigned	no
	CVE-2026-53136	not yet assigned	no
	CVE-2026-53137	not yet assigned	no
	CVE-2026-53138	not yet assigned	no
	CVE-2026-53139	not yet assigned	no
	CVE-2026-53140	not yet assigned	no
	CVE-2026-53141	not yet assigned	no
	CVE-2026-53142	not yet assigned	no
	CVE-2026-53143	not yet assigned	no
	CVE-2026-53144	not yet assigned	no
	CVE-2026-53145	not yet assigned	no
	CVE-2026-53146	not yet assigned	no
	CVE-2026-53147	not yet assigned	no
	CVE-2026-53148	not yet assigned	no
	CVE-2026-53149	not yet assigned	no
	CVE-2026-53150	not yet assigned	no
	CVE-2026-53151	not yet assigned	no
	CVE-2026-53152	not yet assigned	no
	CVE-2026-53153	not yet assigned	no
	CVE-2026-53154	not yet assigned	no
	CVE-2026-53155	not yet assigned	no
	CVE-2026-53156	not yet assigned	no
	CVE-2026-53157	not yet assigned	no
	CVE-2026-53158	not yet assigned	no
	CVE-2026-53159	not yet assigned	no
	CVE-2026-53160	not yet assigned	no
	CVE-2026-53161	not yet assigned	no
	CVE-2026-53162	not yet assigned	no
	CVE-2026-53163	not yet assigned	no
	CVE-2026-53164	not yet assigned	no
	CVE-2026-53165	not yet assigned	no
	CVE-2026-53166	not yet assigned	no
	CVE-2026-53167	not yet assigned	no
	CVE-2026-53168	not yet assigned	no
	CVE-2026-53169	not yet assigned	no
	CVE-2026-53170	not yet assigned	no
	CVE-2026-53171	not yet assigned	no
	CVE-2026-53172	not yet assigned	no
	CVE-2026-53173	not yet assigned	no
	CVE-2026-53174	not yet assigned	no
	CVE-2026-53175	not yet assigned	no
	CVE-2026-53176	not yet assigned	no
	CVE-2026-53177	not yet assigned	no
	CVE-2026-53178	not yet assigned	no
	CVE-2026-53179	not yet assigned	no
	CVE-2026-53180	not yet assigned	no
	CVE-2026-53181	not yet assigned	no
	CVE-2026-53182	not yet assigned	no
	CVE-2026-53183	not yet assigned	no
	CVE-2026-53184	not yet assigned	no
	CVE-2026-53185	not yet assigned	no
	CVE-2026-53186	not yet assigned	no
	CVE-2026-53187	not yet assigned	no
	CVE-2026-53188	not yet assigned	no
	CVE-2026-53189	not yet assigned	no
	CVE-2026-53190	not yet assigned	no
	CVE-2026-53191	not yet assigned	no
	CVE-2026-53192	not yet assigned	no
	CVE-2026-53193	not yet assigned	no
	CVE-2026-53194	not yet assigned	no
	CVE-2026-53195	not yet assigned	no
	CVE-2026-53196	not yet assigned	no
	CVE-2026-53197	not yet assigned	no
	CVE-2026-53198	not yet assigned	no
	CVE-2026-53199	not yet assigned	no
	CVE-2026-53200	not yet assigned	no
	CVE-2026-53201	not yet assigned	no
	CVE-2026-53202	not yet assigned	no
	CVE-2026-53203	not yet assigned	no
	CVE-2026-53204	not yet assigned	no
	CVE-2026-53205	not yet assigned	no
	CVE-2026-53206	not yet assigned	no
	CVE-2026-53207	not yet assigned	no
	CVE-2026-53208	not yet assigned	no
	CVE-2026-53209	not yet assigned	no
	CVE-2026-53210	not yet assigned	no
	CVE-2026-53211	not yet assigned	no
	CVE-2026-53212	not yet assigned	no
	CVE-2026-53213	not yet assigned	no
	CVE-2026-53214	not yet assigned	no
	CVE-2026-53215	not yet assigned	no
	CVE-2026-53216	not yet assigned	no
	CVE-2026-53217	not yet assigned	no
	CVE-2026-53218	not yet assigned	no
	CVE-2026-53219	not yet assigned	no
	CVE-2026-53220	not yet assigned	no
	CVE-2026-53221	not yet assigned	no
	CVE-2026-53222	not yet assigned	no
	CVE-2026-53223	not yet assigned	no
	CVE-2026-53224	not yet assigned	no
	CVE-2026-53225	not yet assigned	no
	CVE-2026-53226	not yet assigned	no
	CVE-2026-53227	not yet assigned	no
	CVE-2026-53228	not yet assigned	no
	CVE-2026-53229	not yet assigned	no
	CVE-2026-53230	not yet assigned	no
	CVE-2026-53231	not yet assigned	no
	CVE-2026-53232	not yet assigned	no
	CVE-2026-53233	not yet assigned	no
	CVE-2026-53234	not yet assigned	no
	CVE-2026-53235	not yet assigned	no
	CVE-2026-53236	not yet assigned	no
	CVE-2026-53237	not yet assigned	no
	CVE-2026-53238	not yet assigned	no
	CVE-2026-53239	not yet assigned	no
	CVE-2026-53240	not yet assigned	no
	CVE-2026-53241	not yet assigned	no
	CVE-2026-53242	not yet assigned	no
	CVE-2026-53243	not yet assigned	no
	CVE-2026-53244	not yet assigned	no
	CVE-2026-53245	not yet assigned	no
	CVE-2026-53246	not yet assigned	no
	CVE-2026-53247	not yet assigned	no
	CVE-2026-53248	not yet assigned	no
	CVE-2026-53249	not yet assigned	no
	CVE-2026-53250	not yet assigned	no
	CVE-2026-53251	not yet assigned	no
	CVE-2026-53252	not yet assigned	no
	CVE-2026-53253	not yet assigned	no
	CVE-2026-53254	not yet assigned	no
	CVE-2026-53255	not yet assigned	no
	CVE-2026-53256	not yet assigned	no
	CVE-2026-53257	not yet assigned	no
	CVE-2026-53258	not yet assigned	no
	CVE-2026-53259	not yet assigned	no
	CVE-2026-53260	not yet assigned	no
	CVE-2026-53261	not yet assigned	no
	CVE-2026-53262	not yet assigned	no
	CVE-2026-53263	not yet assigned	no
	CVE-2026-53264	not yet assigned	no
	CVE-2026-53265	not yet assigned	no
	CVE-2026-53266	not yet assigned	no
	CVE-2026-53267	not yet assigned	no
	CVE-2026-53268	not yet assigned	no
	CVE-2026-53269	not yet assigned	no
	CVE-2026-53270	not yet assigned	no
	CVE-2026-53271	not yet assigned	no
	CVE-2026-53272	not yet assigned	no
	CVE-2026-53273	not yet assigned	no
	CVE-2026-53274	not yet assigned	no
	CVE-2026-53275	not yet assigned	no
	CVE-2026-53276	not yet assigned	no
	CVE-2026-53277	not yet assigned	no
mesa	CVE-2026-40393	not yet assigned	no
nvidia-graphics-drivers (non-free-firmware)	CVE-2025-23279	not yet assigned	no
	CVE-2025-23280	not yet assigned	no
	CVE-2025-23282	not yet assigned	no
	CVE-2025-23286	not yet assigned	no
	CVE-2025-23300	not yet assigned	no
	CVE-2025-23330	not yet assigned	no
	CVE-2025-23332	not yet assigned	no
	CVE-2025-23345	not yet assigned	no
	CVE-2025-33219	not yet assigned	no
nvidia-open-gpu-kernel-modules (contrib)	CVE-2025-23279	not yet assigned	no
	CVE-2025-23280	not yet assigned	no
	CVE-2025-23282	not yet assigned	no
	CVE-2025-23286	not yet assigned	no
	CVE-2025-23300	not yet assigned	no
	CVE-2025-23330	not yet assigned	no
	CVE-2025-23332	not yet assigned	no
	CVE-2025-23345	not yet assigned	no
	CVE-2025-33219	not yet assigned	no
py7zr	CVE-2026-23879	not yet assigned	no
pyasn1	CVE-2026-30922	not yet assigned	no
rustc	CVE-2026-5222	not yet assigned	no
	CVE-2026-5223	not yet assigned	no
tinyproxy	CVE-2026-3945	not yet assigned	no
	CVE-2026-31842	not yet assigned	no
	CVE-2026-54387	not yet assigned	no
	CVE-2026-54388	not yet assigned	no
	CVE-2026-55202	not yet assigned	no
zabbix	CVE-2026-23924	not yet assigned	no
	CVE-2026-23926	not yet assigned	no
	CVE-2026-23927	not yet assigned	no
	CVE-2026-23928	not yet assigned	no
znuny (non-free)	CVE-2025-26843	not yet assigned	?
	CVE-2025-52204	not yet assigned	no
	CVE-2025-59490	not yet assigned	?
	CVE-2026-50591	not yet assigned	no
	CVE-2026-50592	not yet assigned	no
	TEMP-0000000-97F30C	not yet assigned	?

If a "**" is included, the urgency field was automatically assigned by the NVD (National Vulnerability Database). Note that this rating is automatically derived from a set of known factors about the issue (such as access complexity, confidentiality impact, exploitability, remediation level, and others). Human intervention is involved in determining the values of these factors, but the rating itself comes from a fully automated formula.