This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.
| Package | Bug | Description | Releases |
|---|---|---|---|
| angular.js | CVE-2026-27970 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie |
| CVE-2026-32635 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-41423 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-46417 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-50168 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-50169 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-50170 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-50171 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-50184 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-50555 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-50556 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-50557 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-52725 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-54264 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-54265 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-54266 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-54267 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-54268 | Angular is a development platform for building mobile and desktop web ... | bookworm, bullseye, forky, sid, trixie | |
| antlr4 | CVE-2026-13500 | A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected ... | bookworm, bullseye, forky, sid, trixie |
| CVE-2026-13501 | A security vulnerability has been detected in antlr ANTLR4 up to 4.13. ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-13502 | A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the f ... | bookworm, bullseye, forky, sid, trixie | |
| CVE-2026-13503 | A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by ... | bookworm, bullseye, forky, sid, trixie | |
| apt-cacher-ng | CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | bookworm, bullseye, forky, sid, trixie |
| c3p0 | CVE-2026-55223 | c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0 ... | bookworm, bullseye, forky, sid, trixie |
| fastdds | CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | bookworm, bullseye, sid, trixie |
| CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | bookworm, bullseye, sid, trixie | |
| gst-libav1.0 | CVE-2026-12893 | gstreamer1-libav: gstreamer1-libav: NULL pointer dereference in gstavdemux.c error handler | bookworm, bullseye, forky, sid, trixie |
| icingaweb2 | CVE-2022-50942 | Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | bookworm, bullseye, forky, sid, trixie |
| kgb-bot | CVE-2015-1554 | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ... | bookworm, bullseye, forky, sid, trixie |
| libssh2 | CVE-2026-58050 | libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute c ... | bookworm, bullseye, forky, sid, trixie |
| CVE-2026-58051 | libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but ... | bookworm, bullseye, forky, sid, trixie | |
| linux | CVE-2020-0347 | In iptables, there is a possible out of bounds write due to an incorre ... | bookworm, bullseye, forky, sid, trixie |
| node-webfont | CVE-2023-26920 | fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. | bookworm, forky, sid, trixie |
| CVE-2026-25896 | fast-xml-parser allows users to validate XML, parse XML to JS object, ... | bookworm, forky, sid, trixie | |
| CVE-2026-26278 | fast-xml-parser allows users to validate XML, parse XML to JS object, ... | bookworm, forky, sid, trixie | |
| CVE-2026-27942 | fast-xml-parser allows users to validate XML, parse XML to JS object, ... | bookworm, forky, sid, trixie | |
| CVE-2026-33036 | fast-xml-parser allows users to process XML from JS object without C/C ... | bookworm, forky, sid, trixie | |
| CVE-2026-33349 | fast-xml-parser allows users to process XML from JS object without C/C ... | bookworm, forky, sid, trixie | |
| CVE-2026-41650 | fast-xml-parser allows users to process XML from JS object without C/C ... | bookworm, forky, sid, trixie | |
| opencpn | CVE-2025-56814 | A code injection vulnerability in the wxExecute() function of OpenCPN ... | bullseye, forky, sid, trixie |
| openssh | CVE-2026-55654 | A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds ... | bookworm, bullseye, forky, sid, trixie |
| CVE-2026-55655 | A flaw was found in OpenSSH. A local unprivileged attacker on a Linux ... | bookworm, bullseye, forky, sid, trixie | |
| openvswitch | CVE-2026-36499 | A missing upper-bound check in the udpif_set_threads() function of Ope ... | bookworm, bullseye, forky, sid, trixie |
| pam | CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | bookworm, bullseye, forky, sid, trixie |
| phppgadmin | CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | forky, sid, trixie |
| CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | forky, sid, trixie | |
| CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | forky, sid, trixie | |
| CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | forky, sid, trixie | |
| slic3r-prusa | CVE-2023-47268 | In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ... | bookworm, bullseye, forky, sid, trixie |
| wordpress | CVE-2019-8943 | WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ... | bookworm, bullseye, forky, sid, trixie |