Search for packages
| purl | pkg:deb/debian/prometheus@1.5.2%2Bds-2 |
| Next non-vulnerable version | 2.7.1+ds-3 |
| Latest non-vulnerable version | 2.7.1+ds-3 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1s7q-drqn-4bhd
Aliases: CVE-2019-3826 GHSA-3m87-5598-2v4f |
Withdrawn Advisory: Prometheus XSS Vulnerability ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references. ## Original Description A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-15T16:21:06.607614+00:00 | Debian Oval Importer | Affected by | VCID-1s7q-drqn-4bhd | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.4.0 |
| 2026-04-11T16:08:24.457443+00:00 | Debian Oval Importer | Affected by | VCID-1s7q-drqn-4bhd | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.3.0 |
| 2026-04-08T16:01:01.739541+00:00 | Debian Oval Importer | Affected by | VCID-1s7q-drqn-4bhd | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.1.0 |