| Bug | Description | Note |
|---|
| CVE-2016-1584 | In all versions of Unity8 a running but not active application on a la ... | check proper tracking update |
| CVE-2019-25338 | DokuWiki 2018-04-22b contains a username enumeration vulnerability in ... | check upstream status |
| CVE-2019-25355 | gSOAP 2.8 contains a directory traversal vulnerability that allows una ... | check upstream status |
| CVE-2020-36968 | M/Monit 3.7.4 contains an authentication vulnerability that allows aut ... | check, unclear upstream status |
| CVE-2020-36969 | M/Monit 3.7.4 contains a privilege escalation vulnerability that allow ... | check, unclear upstream status |
| CVE-2020-37011 | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ... | check, unclear upstream status. Doesn't reproduce with the version in trixie |
| CVE-2020-37038 | Code Blocks 20.03 contains a denial of service vulnerability that allo ... | check, possibly just DoS of application and unimportant |
| CVE-2020-37040 | Code Blocks 17.12 contains a local buffer overflow vulnerability that ... | check, might be Windows specific issue |
| CVE-2020-37167 | ClamAV versions prior to 0.103.0-rc contain a vulnerability in functio ... | check upstream status |
| CVE-2020-37182 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ... | check details |
| CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might as well affect golang-github-apptainer-container-library-client |
| CVE-2022-50942 | Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | check status upstream |
| CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded inicinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected |
| CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path |
| CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected |
| CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced |
| CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead |
| CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes |
| CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | clarifying with reporter and Eduard Bloch on the issue. |
| CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | check, possibly not reported upstream |
| CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | check, possibly not reported upstream |
| CVE-2025-61982 | An arbitrary code execution vulnerability exists in the Code Stream di ... | check upstream status |
| CVE-2025-65102 | PJSIP is a free and open source multimedia communication library. Prio ... | check, might affect asterisk and ring |
| CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream |
| CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream |
| CVE-2025-69534 | Python-Markdown version 3.8 contain a vulnerability where malformed HT ... | Asking whether it really needs a backport: https://bugs.debian.org/1131896 |
| CVE-2025-69720 | The infocmp command-line tool in ncurses before 6.5-20251213 has a sta ... | check upstream status |
| CVE-2026-0708 | A flaw was found in libucl. A remote attacker could exploit this by pr ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel arch ... | check as well pipenv |
| CVE-2026-3650 | A memory leak exists in the Grassroots DICOM library (GDCM). The bug o ... | check, vague report from Red Hat, no upstream details |
| CVE-2026-4775 | A flaw was found in the libtiff library. A remote attacker could explo ... | check details |
| CVE-2026-4833 | A weakness has been identified in Orc discount up to 3.0.1.2. This iss ... | check libtext-markdown-discount-perl, ruby-rdiscount, cantor, embedding discount; check if security impact present |
| CVE-2026-4948 | A flaw was found in firewalld. A local unprivileged user can exploit t ... | check, needs checking if desktop policy authorization influencing setZoneSettings2 and setPolicySettings is RedHat specific |
| CVE-2026-5185 | A security flaw has been discovered in Nothings stb_image up to 2.30. ... | check upstream details |
| CVE-2026-26200 | HDF5 is software for managing data. Prior to version 1.14.4-2, an atta ... | check details, said to be fixed in 1.14.4-2 upstream |
| CVE-2026-26740 | Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attack ... | check report upstream |
| CVE-2026-27586 | Caddy is an extensible server platform that uses TLS by default. Prior ... | check, introducing version |
| CVE-2026-27970 | Angular is a development platform for building mobile and desktop web ... | check status for older versions |
| CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 superseded by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete |
| CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) |
| CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete |
| CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) |
| CVE-2026-29022 | dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) ... | qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, check security impact |
| CVE-2026-32635 | Angular is a development platform for building mobile and desktop web ... | check status for older versions |