Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3
purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3
Next non-vulnerable version 1.22.1-9+deb12u4
Latest non-vulnerable version 1.28.3-2
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-2cu7-pyw5-t3dm
Aliases:
CVE-2026-28753
Injection in auth_http and XCLIENT
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-3czf-dtzg-8kdm
Aliases:
CVE-2026-27651
NULL pointer dereference while using CRAM-MD5 or APOP
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-5781-s1ny-q7ey
Aliases:
CVE-2023-44487
GHSA-2m7v-gc89-fjqf
GHSA-qppj-fm5r-hxr3
GHSA-vx74-f528-fxqg
GHSA-xpw8-rcwv-8f8p
GMS-2023-3377
VSV00013
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
VCID-fmvd-vyt7-mkfk
Aliases:
CVE-2026-27654
Buffer overflow in ngx_http_dav_module
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-kpjx-rrjs-subs
Aliases:
CVE-2026-28755
OCSP result bypass in stream
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-sxf9-qr1j-u3et
Aliases:
CVE-2026-27784
Buffer overflow in the ngx_http_mp4_module
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
VCID-z3xb-4krg-rbae
Aliases:
CVE-2026-32647
Buffer overflow in the ngx_http_mp4_module
1.22.1-9+deb12u4
Affected by 0 other vulnerabilities.
1.28.3-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-22cq-z7km-cfdc SSL session reuse vulnerability CVE-2025-23419
VCID-c4ta-jqmg-wfgf lua-nginx-module: HTTP request smuggling via a crafted HEAD request CVE-2024-33452
VCID-d1c6-dt2p-9kaa SSL upstream injection CVE-2026-1642
VCID-eb23-pd25-yqg3 Buffer overread in the ngx_http_mp4_module CVE-2024-7347
VCID-hemy-pnpj-sfg3 Buffer overread in the ngx_mail_smtp_module CVE-2025-53859
VCID-y3tg-7fge-1yfy ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. CVE-2020-36309

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T20:27:27.247671+00:00 Debian Oval Importer Fixing VCID-c4ta-jqmg-wfgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:42:11.276818+00:00 Debian Oval Importer Fixing VCID-eb23-pd25-yqg3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:25:01.378893+00:00 Debian Oval Importer Fixing VCID-22cq-z7km-cfdc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:00:47.186455+00:00 Debian Oval Importer Fixing VCID-y3tg-7fge-1yfy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T08:47:50.271635+00:00 Debian Importer Affected by VCID-fmvd-vyt7-mkfk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:44:36.561355+00:00 Debian Importer Affected by VCID-sxf9-qr1j-u3et https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:29:48.411044+00:00 Debian Importer Fixing VCID-d1c6-dt2p-9kaa https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:29:33.061837+00:00 Debian Importer Affected by VCID-5781-s1ny-q7ey https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:15:16.958417+00:00 Debian Importer Fixing VCID-hemy-pnpj-sfg3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:34:42.368819+00:00 Debian Importer Affected by VCID-3czf-dtzg-8kdm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:56:51.803500+00:00 Debian Importer Affected by VCID-kpjx-rrjs-subs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T20:08:58.098395+00:00 Debian Oval Importer Fixing VCID-c4ta-jqmg-wfgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:20:56.739581+00:00 Debian Importer Affected by VCID-z3xb-4krg-rbae https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:07:53.118005+00:00 Debian Importer Affected by VCID-2cu7-pyw5-t3dm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:28:16.508986+00:00 Debian Oval Importer Fixing VCID-eb23-pd25-yqg3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:11:24.059229+00:00 Debian Oval Importer Fixing VCID-22cq-z7km-cfdc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:47:22.820059+00:00 Debian Oval Importer Fixing VCID-y3tg-7fge-1yfy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T19:51:18.075488+00:00 Debian Importer Affected by VCID-fmvd-vyt7-mkfk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:50:19.653218+00:00 Debian Oval Importer Fixing VCID-c4ta-jqmg-wfgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:49:19.668128+00:00 Debian Importer Affected by VCID-sxf9-qr1j-u3et https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:39:32.784682+00:00 Debian Importer Fixing VCID-d1c6-dt2p-9kaa https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:39:23.836562+00:00 Debian Importer Affected by VCID-5781-s1ny-q7ey https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:29:44.023501+00:00 Debian Importer Fixing VCID-hemy-pnpj-sfg3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:02:17.588919+00:00 Debian Importer Affected by VCID-3czf-dtzg-8kdm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:37:07.631352+00:00 Debian Importer Affected by VCID-kpjx-rrjs-subs https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T17:16:16.335782+00:00 Debian Oval Importer Fixing VCID-eb23-pd25-yqg3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:00:23.512242+00:00 Debian Oval Importer Fixing VCID-22cq-z7km-cfdc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:37:38.757618+00:00 Debian Oval Importer Fixing VCID-y3tg-7fge-1yfy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-04T18:06:12.976541+00:00 Debian Importer Affected by VCID-z3xb-4krg-rbae https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-04T17:57:40.210655+00:00 Debian Importer Affected by VCID-2cu7-pyw5-t3dm https://security-tracker.debian.org/tracker/data/json 38.1.0