Search for packages
Package details: pkg:deb/debian/epiphany-browser@3.32.1.2-3~deb10u1
purl pkg:deb/debian/epiphany-browser@3.32.1.2-3~deb10u1
Next non-vulnerable version 48.3-2
Latest non-vulnerable version 48.3-2
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-aexr-t2nm-tkbw
Aliases:
CVE-2021-45088
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-dfk8-ujvd-gyc3
Aliases:
CVE-2019-25085
gvdb: use after free issue was fixed in gvdb_table_write_contents_async()
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-q1xj-wvgm-8qde
Aliases:
CVE-2021-45087
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-qf19-wz15-gbbw
Aliases:
CVE-2021-45085
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-qhqm-svch-g3ax
Aliases:
CVE-2021-45086
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-s516-n9vv-aqae
Aliases:
CVE-2022-29536
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-qh4f-wutm-5qdd ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. CVE-2018-11396
VCID-r78c-skaz-5uej libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. CVE-2018-12016

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T18:06:47.038015+00:00 Debian Oval Importer Affected by VCID-s516-n9vv-aqae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:20:54.469362+00:00 Debian Oval Importer Fixing VCID-r78c-skaz-5uej https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:17:10.602259+00:00 Debian Oval Importer Affected by VCID-aexr-t2nm-tkbw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:06:54.825878+00:00 Debian Oval Importer Affected by VCID-dfk8-ujvd-gyc3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:04:07.295742+00:00 Debian Oval Importer Affected by VCID-qf19-wz15-gbbw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:19:15.584729+00:00 Debian Oval Importer Affected by VCID-q1xj-wvgm-8qde https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:09:52.383339+00:00 Debian Oval Importer Affected by VCID-qhqm-svch-g3ax https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:27:36.829456+00:00 Debian Oval Importer Fixing VCID-qh4f-wutm-5qdd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0