Candidates for DTSAs

The table below lists packages which are fixed in unstable, but unfixed in testing. Use the testing migration checker to find out why they have not entered testing yet.

List of vulnerable packages in testing

Package	Migration	Bug	Urgency	Remote
calibre	check	CVE-2026-25635	not yet assigned	no
		CVE-2026-25636	not yet assigned	no
		CVE-2026-25731	not yet assigned	no
		CVE-2026-26064	not yet assigned	no
		CVE-2026-26065	not yet assigned	no
		CVE-2026-27810	not yet assigned	no
		CVE-2026-27824	not yet assigned	no
		CVE-2026-30853	not yet assigned	no
chromium	check	CVE-2026-3909	not yet assigned	no	(fixed in stable?)
		CVE-2026-3910	not yet assigned	no	(fixed in stable?)
cosign	check	CVE-2026-22703	not yet assigned	no
curl	check	CVE-2026-1965	not yet assigned	no
		CVE-2026-3783	not yet assigned	no
		CVE-2026-3784	not yet assigned	no
		CVE-2026-3805	not yet assigned	no
edk2	check	CVE-2024-38798	not yet assigned	no
flask	check	CVE-2026-27205	not yet assigned	no
freerdp3	check	CVE-2026-29774	not yet assigned	no
		CVE-2026-29775	not yet assigned	no
		CVE-2026-29776	not yet assigned	no
		CVE-2026-31806	not yet assigned	no
		CVE-2026-31883	not yet assigned	no
		CVE-2026-31884	not yet assigned	no
		CVE-2026-31885	not yet assigned	no
		CVE-2026-31897	not yet assigned	no
golang-github-go-git-go-git	check	CVE-2026-25934	not yet assigned	no
grub2	check	CVE-2025-54770	not yet assigned	no
		CVE-2025-54771	not yet assigned	no
		CVE-2025-61661	not yet assigned	no
		CVE-2025-61662	not yet assigned	no
		CVE-2025-61663	not yet assigned	no
		CVE-2025-61664	not yet assigned	no
imagemagick	check	CVE-2026-28493	not yet assigned	no
		CVE-2026-28494	not yet assigned	no
		CVE-2026-28686	not yet assigned	no
		CVE-2026-28687	not yet assigned	no
		CVE-2026-28688	not yet assigned	no
		CVE-2026-28689	not yet assigned	no
		CVE-2026-28690	not yet assigned	no
		CVE-2026-28691	not yet assigned	no
		CVE-2026-28692	not yet assigned	no
		CVE-2026-28693	not yet assigned	no
		CVE-2026-30883	not yet assigned	no
		CVE-2026-30929	not yet assigned	no
		CVE-2026-30931	not yet assigned	no
		CVE-2026-30935	not yet assigned	no
		CVE-2026-30936	not yet assigned	no
		CVE-2026-30937	not yet assigned	no
		CVE-2026-31853	not yet assigned	no
		CVE-2026-32259	not yet assigned	no
libsixel	check	CVE-2022-29977	not yet assigned	no
		CVE-2022-29978	not yet assigned	no
		CVE-2025-9300	not yet assigned	no
libssh	check	CVE-2026-0964	not yet assigned	?
		CVE-2026-0965	not yet assigned	?
		CVE-2026-0966	not yet assigned	?
		CVE-2026-0967	not yet assigned	?
		CVE-2026-0968	not yet assigned	?
		CVE-2026-3731	not yet assigned	no
nfs-utils	check	CVE-2025-12801	not yet assigned	no
node-flatted	check	CVE-2026-32141	not yet assigned	no
node-rollup	check	CVE-2026-27606	not yet assigned	no
openexr	check	CVE-2025-12495	not yet assigned	no
		CVE-2025-12839	not yet assigned	no
		CVE-2025-12840	not yet assigned	no
		CVE-2025-48074	not yet assigned	no
		CVE-2025-64181	not yet assigned	no
		CVE-2026-27622	not yet assigned	no
ruby-rack	check	CVE-2026-22860	not yet assigned	no
		CVE-2026-25500	not yet assigned	no
rust-quinn-proto	check	CVE-2026-31812	not yet assigned	no
rust-wasmtime	check	CVE-2026-27204	not yet assigned	no
		CVE-2026-27572	not yet assigned	no
rust-yamux	check	CVE-2026-32314	not yet assigned	no
systemd	check	CVE-2026-4105	not yet assigned	no
vim	check	CVE-2026-26269	not yet assigned	no
		CVE-2026-28417	not yet assigned	no
		CVE-2026-28418	not yet assigned	no
		CVE-2026-28419	not yet assigned	no
		CVE-2026-28420	not yet assigned	no
		CVE-2026-28421	not yet assigned	no
zookeeper	check	CVE-2026-24281	not yet assigned	no
		CVE-2026-24308	not yet assigned	no