Search for packages
| purl | pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2 |
| Next non-vulnerable version | 5.44.0+dfsg-1~bpo11+2 |
| Latest non-vulnerable version | 5.44.0+dfsg-1~bpo11+2 |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1ze9-599r-aaam
Aliases: CVE-2023-46303 |
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. |
Affected by 0 other vulnerabilities. |
|
VCID-w8cc-y1jy-aaac
Aliases: CVE-2021-44686 |
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1ze9-599r-aaam | link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. |
CVE-2023-46303
|
| VCID-4atp-nc7m-aaan | Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. |
CVE-2024-7009
|
| VCID-fv8h-uybh-aaas | Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. |
CVE-2024-7008
|
| VCID-w8cc-y1jy-aaac | calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. |
CVE-2021-44686
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-20T23:51:55.692202+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T22:23:43.242051+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | None | 36.1.3 |
| 2025-06-20T20:25:08.477290+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | None | 36.1.3 |
| 2025-06-20T19:43:17.455821+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-05T14:16:02.230131+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | None | 36.1.0 |
| 2025-06-05T13:51:34.615680+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | https://security-tracker.debian.org/tracker/data/json | 36.1.0 |
| 2025-04-13T02:00:59.294760+00:00 | Debian Oval Importer | Fixing | VCID-4atp-nc7m-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:58:54.870979+00:00 | Debian Oval Importer | Fixing | VCID-fv8h-uybh-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:58:08.042891+00:00 | Debian Oval Importer | Affected by | VCID-w8cc-y1jy-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:54:20.639690+00:00 | Debian Oval Importer | Affected by | VCID-1ze9-599r-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-04T02:33:24.055854+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T01:02:12.426688+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | None | 36.0.0 |
| 2025-04-03T23:15:00.646035+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | None | 36.0.0 |
| 2025-04-03T22:50:05.481248+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-02-21T14:23:47.625940+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-21T14:23:46.278765+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | None | 35.1.0 |
| 2025-02-20T07:42:05.871038+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-20T07:41:55.017439+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | None | 35.1.0 |
| 2024-11-24T03:29:34.658609+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-24T03:29:33.333596+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | None | 35.0.0 |
| 2024-11-23T01:18:28.293682+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-23T01:18:17.146576+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | None | 35.0.0 |
| 2024-10-11T00:53:12.758798+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-11T00:53:11.325984+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | None | 34.0.2 |
| 2024-10-09T23:48:56.738611+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-09T23:48:45.428910+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | None | 34.0.2 |
| 2024-09-20T05:23:22.300471+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-20T05:23:20.945054+00:00 | Debian Importer | Fixing | VCID-1ze9-599r-aaam | None | 34.0.1 |
| 2024-09-19T07:24:31.343689+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-19T07:24:20.656801+00:00 | Debian Importer | Fixing | VCID-w8cc-y1jy-aaac | None | 34.0.1 |