Search for packages
Package details: pkg:deb/debian/epiphany-browser@1.4.8-3
purl pkg:deb/debian/epiphany-browser@1.4.8-3
Next non-vulnerable version 48.3-2
Latest non-vulnerable version 48.3-2
Risk 4.0
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-2316-kp7u-aaag
Aliases:
CVE-2017-1000025
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
3.22.7-1
Affected by 9 other vulnerabilities.
VCID-4p9r-2vnz-aaaf
Aliases:
CVE-2008-5985
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
2.22.3-9
Affected by 11 other vulnerabilities.
VCID-869c-shsa-aaad
Aliases:
CVE-2018-12016
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
3.32.1.2-3~deb10u1
Affected by 7 other vulnerabilities.
VCID-c7cz-hxp3-aaaq
Aliases:
CVE-2010-3312
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
2.30.6-1
Affected by 10 other vulnerabilities.
VCID-gex6-76gc-aaag
Aliases:
CVE-2018-11396
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
3.32.1.2-3~deb10u1
Affected by 7 other vulnerabilities.
VCID-hg6a-nnf7-aaan
Aliases:
CVE-2021-45087
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-kr21-knq3-aaaf
Aliases:
CVE-2019-25085
A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-qccg-re6f-aaaf
Aliases:
CVE-2022-29536
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-v3v3-16gd-aaas
Aliases:
CVE-2023-26081
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
43.1-1
Affected by 1 other vulnerability.
VCID-wdyq-k3mq-aaah
Aliases:
CVE-2021-45086
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-xmbp-1n9r-aaab
Aliases:
CVE-2021-45088
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-zk2g-37wy-aaah
Aliases:
CVE-2021-45085
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:13:55.470961+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T19:06:46.913304+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:35:10.218048+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:19:58.445561+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T17:49:35.698570+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:00:28.646475+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:28:53.891950+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:21:30.963855+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:41:57.900681+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:25:28.548624+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:02:11.909001+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:51:20.658742+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:43:15.160898+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:30:04.545603+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T08:13:10.852081+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.1.3
2025-06-21T07:03:12.752386+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.1.3
2025-06-21T04:42:58.751698+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.1.3
2025-06-21T00:53:33.119976+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.1.3
2025-06-21T00:34:17.815656+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.1.3
2025-06-21T00:32:42.972778+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.1.3
2025-06-21T00:22:02.773024+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.1.3
2025-06-20T23:56:19.121094+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq None 36.1.3
2025-06-20T21:54:28.843695+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.1.3
2025-06-20T21:33:18.659053+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.1.3
2025-06-20T21:27:39.385269+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf None 36.1.3
2025-06-20T20:43:48.611255+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.1.3
2025-06-08T13:08:06.904119+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:04:22.359699+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:17:35.039519+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:15:28.857233+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:42:44.001072+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:35:52.356174+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:05:32.083439+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:50:54.589446+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:22:32.061675+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:45:31.737603+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:14:46.558878+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:07:40.492525+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:36:04.909814+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:20:01.556257+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:55:34.014719+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:44:44.385061+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:59:01.456981+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:50:34.269473+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T01:54:28.846795+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.1.0
2025-06-08T00:42:56.909653+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.1.0
2025-06-07T22:19:54.944710+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.1.0
2025-06-07T18:15:54.579513+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.1.0
2025-06-07T17:56:55.859189+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.1.0
2025-06-07T17:55:21.510547+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.1.0
2025-06-07T17:44:56.270550+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.1.0
2025-06-07T17:19:14.041844+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq None 36.1.0
2025-06-07T15:17:51.927943+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.1.0
2025-06-07T14:55:52.204480+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.1.0
2025-06-07T14:50:18.499817+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf None 36.1.0
2025-06-07T14:15:41.726517+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.1.0
2025-04-12T21:03:25.685422+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:00:20.898951+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:43:27.540433+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:55:44.922523+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:51:51.904509+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:03:24.524602+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:01:13.337213+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:27:32.108989+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:20:22.859480+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:48:50.767837+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:33:13.972875+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:03:32.771058+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:17:51.540769+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:46:46.076782+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:39:29.213331+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:07:31.649336+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:51:22.094290+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:28:00.357294+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:17:14.784107+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:30:00.562745+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:21:43.069390+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T00:26:07.366442+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.0.0
2025-04-07T23:15:14.344231+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.0.0
2025-04-07T20:51:26.665357+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.0.0
2025-04-07T16:53:22.920179+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.0.0
2025-04-07T16:33:48.193087+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.0.0
2025-04-07T16:32:10.059534+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.0.0
2025-04-07T16:21:08.359771+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.0.0
2025-04-07T15:53:11.823214+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq None 36.0.0
2025-04-07T13:49:21.431743+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.0.0
2025-04-07T13:27:50.243578+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.0.0
2025-04-07T13:22:18.733369+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf None 36.0.0
2025-04-07T12:48:39.100891+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.0.0
2024-11-27T20:46:45.319460+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-26T22:25:12.288636+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T12:54:42.724237+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-12T21:30:15.383040+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-20T23:30:42.390946+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T17:46:04.825255+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1