Packages that may be vulnerable but need to be checked (undetermined issues)

This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.

PackageBugDescriptionReleases
angular.jsCVE-2026-27970Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-32635Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-41423Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-46417Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-50168Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-50169Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-50170Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-50171Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-50184Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-50555Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-50556Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-50557Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-52725Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-54264Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-54265Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-54266Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-54267Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
CVE-2026-54268Angular is a development platform for building mobile and desktop web ...bookworm, bullseye, forky, sid, trixie
antlr4CVE-2026-13500A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected ...bookworm, bullseye, forky, sid, trixie
CVE-2026-13501A security vulnerability has been detected in antlr ANTLR4 up to 4.13. ...bookworm, bullseye, forky, sid, trixie
CVE-2026-13502A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the f ...bookworm, bullseye, forky, sid, trixie
CVE-2026-13503A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by ...bookworm, bullseye, forky, sid, trixie
apt-cacher-ngCVE-2025-11147Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ...bookworm, bullseye, forky, sid, trixie
c3p0CVE-2026-55223c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0 ...bookworm, bullseye, forky, sid, trixie
fastddsCVE-2025-65865An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ...bookworm, bullseye, sid, trixie
CVE-2025-67108eProsima Fast-DDS v3.3 was discovered to contain improper validation f ...bookworm, bullseye, sid, trixie
gst-libav1.0CVE-2026-12893gstreamer1-libav: gstreamer1-libav: NULL pointer dereference in gstavdemux.c error handlerbookworm, bullseye, forky, sid, trixie
icingaweb2CVE-2022-50942Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ...bookworm, bullseye, forky, sid, trixie
kgb-botCVE-2015-1554kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ...bookworm, bullseye, forky, sid, trixie
libssh2CVE-2026-58050libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute c ...bookworm, bullseye, forky, sid, trixie
CVE-2026-58051libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but ...bookworm, bullseye, forky, sid, trixie
linuxCVE-2020-0347In iptables, there is a possible out of bounds write due to an incorre ...bookworm, bullseye, forky, sid, trixie
node-webfontCVE-2023-26920fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.bookworm, forky, sid, trixie
CVE-2026-25896fast-xml-parser allows users to validate XML, parse XML to JS object, ...bookworm, forky, sid, trixie
CVE-2026-26278fast-xml-parser allows users to validate XML, parse XML to JS object, ...bookworm, forky, sid, trixie
CVE-2026-27942fast-xml-parser allows users to validate XML, parse XML to JS object, ...bookworm, forky, sid, trixie
CVE-2026-33036fast-xml-parser allows users to process XML from JS object without C/C ...bookworm, forky, sid, trixie
CVE-2026-33349fast-xml-parser allows users to process XML from JS object without C/C ...bookworm, forky, sid, trixie
CVE-2026-41650fast-xml-parser allows users to process XML from JS object without C/C ...bookworm, forky, sid, trixie
opencpnCVE-2025-56814A code injection vulnerability in the wxExecute() function of OpenCPN ...bullseye, forky, sid, trixie
opensshCVE-2026-55654A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds ...bookworm, bullseye, forky, sid, trixie
CVE-2026-55655A flaw was found in OpenSSH. A local unprivileged attacker on a Linux ...bookworm, bullseye, forky, sid, trixie
openvswitchCVE-2026-36499A missing upper-bound check in the udpif_set_threads() function of Ope ...bookworm, bullseye, forky, sid, trixie
pamCVE-2025-8941A flaw was found in linux-pam. The pam_namespace module may improperly ...bookworm, bullseye, forky, sid, trixie
phppgadminCVE-2025-60796phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ...forky, sid, trixie
CVE-2025-60797phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ...forky, sid, trixie
CVE-2025-60798phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ...forky, sid, trixie
CVE-2025-60799phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ...forky, sid, trixie
slic3r-prusaCVE-2023-47268In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ...bookworm, bullseye, forky, sid, trixie
wordpressCVE-2019-8943WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...bookworm, bullseye, forky, sid, trixie

Search for package or bug name: Reporting problems