Search for packages
Package details: pkg:deb/debian/epiphany-browser@2.14.3-8
purl pkg:deb/debian/epiphany-browser@2.14.3-8
Next non-vulnerable version 48.3-2
Latest non-vulnerable version 48.3-2
Risk 4.0
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-2316-kp7u-aaag
Aliases:
CVE-2017-1000025
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
3.22.7-1
Affected by 9 other vulnerabilities.
VCID-4p9r-2vnz-aaaf
Aliases:
CVE-2008-5985
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
2.22.3-9
Affected by 11 other vulnerabilities.
VCID-869c-shsa-aaad
Aliases:
CVE-2018-12016
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
3.32.1.2-3~deb10u1
Affected by 7 other vulnerabilities.
VCID-c7cz-hxp3-aaaq
Aliases:
CVE-2010-3312
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
2.30.6-1
Affected by 10 other vulnerabilities.
VCID-gex6-76gc-aaag
Aliases:
CVE-2018-11396
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
3.32.1.2-3~deb10u1
Affected by 7 other vulnerabilities.
VCID-hg6a-nnf7-aaan
Aliases:
CVE-2021-45087
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-kr21-knq3-aaaf
Aliases:
CVE-2019-25085
A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-qccg-re6f-aaaf
Aliases:
CVE-2022-29536
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-v3v3-16gd-aaas
Aliases:
CVE-2023-26081
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
43.1-1
Affected by 1 other vulnerability.
VCID-wdyq-k3mq-aaah
Aliases:
CVE-2021-45086
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-xmbp-1n9r-aaab
Aliases:
CVE-2021-45088
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-zk2g-37wy-aaah
Aliases:
CVE-2021-45085
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:13:55.475488+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T19:06:46.917790+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:35:10.223639+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:19:58.449997+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T17:49:35.702847+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:00:28.650335+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:28:53.895468+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:21:30.967952+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:41:57.905423+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:25:28.554213+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:02:11.913287+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:51:20.663838+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:43:15.165467+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:30:04.549655+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T08:13:10.857627+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.1.3
2025-06-21T07:03:12.756903+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.1.3
2025-06-21T04:42:58.756373+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.1.3
2025-06-21T00:53:33.124875+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.1.3
2025-06-21T00:34:17.819643+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.1.3
2025-06-21T00:32:42.977425+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.1.3
2025-06-21T00:22:02.777179+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.1.3
2025-06-20T23:56:19.125730+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq None 36.1.3
2025-06-20T21:54:28.849421+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.1.3
2025-06-20T21:33:18.663216+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.1.3
2025-06-20T21:27:39.388913+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf None 36.1.3
2025-06-20T20:43:48.615003+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.1.3
2025-06-08T13:08:06.907829+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:04:22.362990+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:17:35.043039+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:15:28.860991+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:42:44.004373+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:35:52.359899+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:05:32.087204+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:50:54.594010+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:22:32.064996+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:45:31.741357+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:14:46.562167+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:07:40.495767+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:36:04.913093+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:20:01.559544+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:55:34.017891+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:44:44.388240+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:59:01.460261+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:50:34.272780+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T01:54:28.850179+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.1.0
2025-06-08T00:42:56.913998+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.1.0
2025-06-07T22:19:54.948495+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.1.0
2025-06-07T18:15:54.583167+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.1.0
2025-06-07T17:56:55.862402+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.1.0
2025-06-07T17:55:21.514133+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.1.0
2025-06-07T17:44:56.273697+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.1.0
2025-06-07T17:19:14.045041+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq None 36.1.0
2025-06-07T15:17:51.931119+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.1.0
2025-06-07T14:55:52.207643+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.1.0
2025-06-07T14:50:18.503571+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf None 36.1.0
2025-06-07T14:15:41.729647+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.1.0
2025-04-12T21:03:25.695592+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:00:20.908707+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:43:27.550392+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:55:44.932610+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:51:51.914764+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:03:24.532672+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:01:13.347564+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:27:32.119083+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:20:22.869425+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:48:50.777649+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:33:13.982071+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:03:32.779899+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:17:51.550039+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:46:46.087290+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:39:29.223371+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:07:31.659280+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:51:22.104434+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:28:00.366294+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:17:14.794060+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:30:00.573246+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:21:43.078940+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T00:26:07.376796+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.0.0
2025-04-07T23:15:14.355247+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.0.0
2025-04-07T20:51:26.675292+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.0.0
2025-04-07T16:53:22.930527+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.0.0
2025-04-07T16:33:48.203112+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.0.0
2025-04-07T16:32:10.070275+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.0.0
2025-04-07T16:21:08.370676+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.0.0
2025-04-07T15:53:11.833168+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq None 36.0.0
2025-04-07T13:49:21.442828+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.0.0
2025-04-07T13:27:50.257531+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.0.0
2025-04-07T13:22:18.743021+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf None 36.0.0
2025-04-07T12:48:39.111155+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.0.0
2024-11-27T20:46:45.329908+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-26T22:25:12.298753+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T12:54:42.734283+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-12T21:30:15.392806+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-20T23:30:42.401719+00:00 Debian Oval Importer Affected by VCID-c7cz-hxp3-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T17:46:04.837774+00:00 Debian Oval Importer Affected by VCID-4p9r-2vnz-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1