Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3
purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3
Next non-vulnerable version 1.22.1-9+deb12u4
Latest non-vulnerable version 1.28.3-2
Risk 10.0
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-22cq-z7km-cfdc
Aliases:
CVE-2025-23419
SSL session reuse vulnerability
1.22.1-9+deb12u3
Affected by 7 other vulnerabilities.
VCID-2cu7-pyw5-t3dm
Aliases:
CVE-2026-28753
Injection in auth_http and XCLIENT
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-3czf-dtzg-8kdm
Aliases:
CVE-2026-27651
NULL pointer dereference while using CRAM-MD5 or APOP
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-5781-s1ny-q7ey
Aliases:
CVE-2023-44487
GHSA-2m7v-gc89-fjqf
GHSA-qppj-fm5r-hxr3
GHSA-vx74-f528-fxqg
GHSA-xpw8-rcwv-8f8p
GMS-2023-3377
VSV00013
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
VCID-c4ta-jqmg-wfgf
Aliases:
CVE-2024-33452
lua-nginx-module: HTTP request smuggling via a crafted HEAD request
1.22.1-9+deb12u3
Affected by 7 other vulnerabilities.
VCID-d1c6-dt2p-9kaa
Aliases:
CVE-2026-1642
SSL upstream injection
1.22.1-9+deb12u3
Affected by 7 other vulnerabilities.
VCID-eb23-pd25-yqg3
Aliases:
CVE-2024-7347
Buffer overread in the ngx_http_mp4_module
1.22.1-9+deb12u3
Affected by 7 other vulnerabilities.
VCID-fmvd-vyt7-mkfk
Aliases:
CVE-2026-27654
Buffer overflow in ngx_http_dav_module
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-hemy-pnpj-sfg3
Aliases:
CVE-2025-53859
Buffer overread in the ngx_mail_smtp_module
1.22.1-9+deb12u3
Affected by 7 other vulnerabilities.
VCID-kpjx-rrjs-subs
Aliases:
CVE-2026-28755
OCSP result bypass in stream
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-sxf9-qr1j-u3et
Aliases:
CVE-2026-27784
Buffer overflow in the ngx_http_mp4_module
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-y3tg-7fge-1yfy
Aliases:
CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
1.22.1-9+deb12u3
Affected by 7 other vulnerabilities.
VCID-z3xb-4krg-rbae
Aliases:
CVE-2026-32647
Buffer overflow in the ngx_http_mp4_module
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (9)
Vulnerability Summary Aliases
VCID-36pf-ddpb-3khs security update CVE-2020-11724
VCID-3ysf-pvuu-47bs nginx: HTTP request smuggling in configurations with URL redirect used as error_page CVE-2019-20372
VCID-9hzg-r1fj-pubf Excessive CPU usage in HTTP/2 with priority changes CVE-2019-9513
VCID-c9ym-ckeq-63dq Memory corruption in the ngx_http_mp4_module CVE-2022-41741
VCID-cbn4-utmp-n7ba 1-byte memory overwrite in resolver CVE-2021-23017
VCID-dmv4-ydq9-a7eq Excessive CPU usage in HTTP/2 with small window updates CVE-2019-9511
VCID-kcsp-h1s5-wbea Excessive memory usage in HTTP/2 with zero length headers CVE-2019-9516
VCID-u8aq-2qhu-gff5 ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication CVE-2021-3618
VCID-wc3j-5xmu-kyex Memory disclosure in the ngx_http_mp4_module CVE-2022-41742

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T20:27:27.245505+00:00 Debian Oval Importer Affected by VCID-c4ta-jqmg-wfgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:59:15.368559+00:00 Debian Oval Importer Fixing VCID-u8aq-2qhu-gff5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:27:21.758567+00:00 Debian Oval Importer Fixing VCID-c9ym-ckeq-63dq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:07:46.842444+00:00 Debian Oval Importer Fixing VCID-cbn4-utmp-n7ba https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:13:31.549856+00:00 Debian Oval Importer Fixing VCID-wc3j-5xmu-kyex https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:53:35.294652+00:00 Debian Oval Importer Fixing VCID-9hzg-r1fj-pubf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:42:11.272821+00:00 Debian Oval Importer Affected by VCID-eb23-pd25-yqg3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:38:26.857050+00:00 Debian Oval Importer Fixing VCID-kcsp-h1s5-wbea https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:25:01.375592+00:00 Debian Oval Importer Affected by VCID-22cq-z7km-cfdc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:00:47.183029+00:00 Debian Oval Importer Affected by VCID-y3tg-7fge-1yfy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T08:47:50.266675+00:00 Debian Importer Affected by VCID-fmvd-vyt7-mkfk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:44:36.557209+00:00 Debian Importer Affected by VCID-sxf9-qr1j-u3et https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:29:48.407295+00:00 Debian Importer Affected by VCID-d1c6-dt2p-9kaa https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:29:33.058068+00:00 Debian Importer Affected by VCID-5781-s1ny-q7ey https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:15:16.954393+00:00 Debian Importer Affected by VCID-hemy-pnpj-sfg3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:34:42.365144+00:00 Debian Importer Affected by VCID-3czf-dtzg-8kdm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:56:51.796281+00:00 Debian Importer Affected by VCID-kpjx-rrjs-subs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-12T00:20:32.154038+00:00 Debian Oval Importer Fixing VCID-dmv4-ydq9-a7eq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:23:36.611217+00:00 Debian Oval Importer Fixing VCID-3ysf-pvuu-47bs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:24:24.930008+00:00 Debian Oval Importer Fixing VCID-36pf-ddpb-3khs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:08:58.094515+00:00 Debian Oval Importer Affected by VCID-c4ta-jqmg-wfgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:41:12.407488+00:00 Debian Oval Importer Fixing VCID-u8aq-2qhu-gff5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:10:21.582142+00:00 Debian Oval Importer Fixing VCID-c9ym-ckeq-63dq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:51:35.516686+00:00 Debian Oval Importer Fixing VCID-cbn4-utmp-n7ba https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:20:56.735524+00:00 Debian Importer Affected by VCID-z3xb-4krg-rbae https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:07:53.114132+00:00 Debian Importer Affected by VCID-2cu7-pyw5-t3dm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:58:57.657581+00:00 Debian Oval Importer Fixing VCID-wc3j-5xmu-kyex https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:39:33.964266+00:00 Debian Oval Importer Fixing VCID-9hzg-r1fj-pubf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:28:16.505297+00:00 Debian Oval Importer Affected by VCID-eb23-pd25-yqg3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:24:39.441589+00:00 Debian Oval Importer Fixing VCID-kcsp-h1s5-wbea https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:11:24.055242+00:00 Debian Oval Importer Affected by VCID-22cq-z7km-cfdc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:47:22.815862+00:00 Debian Oval Importer Affected by VCID-y3tg-7fge-1yfy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:51:17.424454+00:00 Debian Oval Importer Fixing VCID-dmv4-ydq9-a7eq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:56:49.228773+00:00 Debian Oval Importer Fixing VCID-3ysf-pvuu-47bs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:00:21.748569+00:00 Debian Oval Importer Fixing VCID-36pf-ddpb-3khs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:51:18.071331+00:00 Debian Importer Affected by VCID-fmvd-vyt7-mkfk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:50:19.648961+00:00 Debian Oval Importer Affected by VCID-c4ta-jqmg-wfgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:49:19.663446+00:00 Debian Importer Affected by VCID-sxf9-qr1j-u3et https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:39:32.780657+00:00 Debian Importer Affected by VCID-d1c6-dt2p-9kaa https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:39:23.831437+00:00 Debian Importer Affected by VCID-5781-s1ny-q7ey https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:29:44.019029+00:00 Debian Importer Affected by VCID-hemy-pnpj-sfg3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:24:10.250162+00:00 Debian Oval Importer Fixing VCID-u8aq-2qhu-gff5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:02:17.583978+00:00 Debian Importer Affected by VCID-3czf-dtzg-8kdm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:54:26.675621+00:00 Debian Oval Importer Fixing VCID-c9ym-ckeq-63dq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:37:07.626855+00:00 Debian Importer Affected by VCID-kpjx-rrjs-subs https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:36:24.526153+00:00 Debian Oval Importer Fixing VCID-cbn4-utmp-n7ba https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:45:41.767350+00:00 Debian Oval Importer Fixing VCID-wc3j-5xmu-kyex https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:26:55.931772+00:00 Debian Oval Importer Fixing VCID-9hzg-r1fj-pubf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:16:16.330737+00:00 Debian Oval Importer Affected by VCID-eb23-pd25-yqg3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:12:51.657652+00:00 Debian Oval Importer Fixing VCID-kcsp-h1s5-wbea https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:00:23.507807+00:00 Debian Oval Importer Affected by VCID-22cq-z7km-cfdc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:37:38.753328+00:00 Debian Oval Importer Affected by VCID-y3tg-7fge-1yfy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-04T18:06:12.971471+00:00 Debian Importer Affected by VCID-z3xb-4krg-rbae https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-04T17:57:40.204115+00:00 Debian Importer Affected by VCID-2cu7-pyw5-t3dm https://security-tracker.debian.org/tracker/data/json 38.1.0