Search for packages
Package details: pkg:deb/debian/epiphany-browser@3.14.1-1
purl pkg:deb/debian/epiphany-browser@3.14.1-1
Next non-vulnerable version 48.3-2
Latest non-vulnerable version 48.3-2
Risk 4.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-2316-kp7u-aaag
Aliases:
CVE-2017-1000025
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
3.22.7-1
Affected by 9 other vulnerabilities.
VCID-869c-shsa-aaad
Aliases:
CVE-2018-12016
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
3.32.1.2-3~deb10u1
Affected by 7 other vulnerabilities.
VCID-gex6-76gc-aaag
Aliases:
CVE-2018-11396
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
3.32.1.2-3~deb10u1
Affected by 7 other vulnerabilities.
VCID-hg6a-nnf7-aaan
Aliases:
CVE-2021-45087
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-kr21-knq3-aaaf
Aliases:
CVE-2019-25085
A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-qccg-re6f-aaaf
Aliases:
CVE-2022-29536
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-v3v3-16gd-aaas
Aliases:
CVE-2023-26081
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
43.1-1
Affected by 1 other vulnerability.
VCID-wdyq-k3mq-aaah
Aliases:
CVE-2021-45086
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-xmbp-1n9r-aaab
Aliases:
CVE-2021-45088
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
VCID-zk2g-37wy-aaah
Aliases:
CVE-2021-45085
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
3.38.2-1+deb11u3
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:13:55.484320+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T19:06:46.926426+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:35:10.233187+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T17:49:35.712337+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:00:28.659042+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:28:53.901799+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:21:30.974907+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:41:57.913552+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:02:11.921803+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:43:15.173164+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:30:04.557607+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T08:13:10.868164+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.1.3
2025-06-21T07:03:12.764444+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.1.3
2025-06-21T04:42:58.765977+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.1.3
2025-06-21T00:53:33.132950+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.1.3
2025-06-21T00:34:17.827941+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.1.3
2025-06-21T00:32:42.986453+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.1.3
2025-06-21T00:22:02.785193+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.1.3
2025-06-20T21:54:28.858796+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.1.3
2025-06-20T21:33:18.670715+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.1.3
2025-06-20T20:43:48.622256+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.1.3
2025-06-08T13:08:06.915115+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:04:22.370032+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:17:35.049190+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:15:28.868222+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:42:44.010536+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:35:52.367142+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:05:32.094621+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:22:32.071161+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:45:31.748742+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:14:46.568301+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:07:40.501781+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:36:04.919311+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:55:34.025188+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:59:01.467703+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:50:34.279055+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T01:54:28.856503+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.1.0
2025-06-08T00:42:56.921236+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.1.0
2025-06-07T22:19:54.955803+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.1.0
2025-06-07T18:15:54.590395+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.1.0
2025-06-07T17:56:55.868564+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.1.0
2025-06-07T17:55:21.520356+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.1.0
2025-06-07T17:44:56.279909+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.1.0
2025-06-07T15:17:51.938384+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.1.0
2025-06-07T14:55:52.213790+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.1.0
2025-06-07T14:15:41.735627+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.1.0
2025-04-12T21:03:25.715100+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:43:27.570227+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:55:44.952591+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:51:51.935223+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:03:24.550677+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:01:13.367466+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:27:32.139066+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:20:22.889806+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:48:50.798646+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:03:32.796365+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:17:51.569691+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:46:46.107187+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:39:29.243264+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:07:31.679123+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:28:00.386676+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:30:00.594229+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:21:43.098786+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T00:26:07.398517+00:00 Debian Oval Importer Affected by VCID-v3v3-16gd-aaas None 36.0.0
2025-04-07T23:15:14.376716+00:00 Debian Oval Importer Affected by VCID-kr21-knq3-aaaf None 36.0.0
2025-04-07T20:51:26.696754+00:00 Debian Oval Importer Affected by VCID-wdyq-k3mq-aaah None 36.0.0
2025-04-07T16:53:22.952055+00:00 Debian Oval Importer Affected by VCID-2316-kp7u-aaag None 36.0.0
2025-04-07T16:33:48.224657+00:00 Debian Oval Importer Affected by VCID-gex6-76gc-aaag None 36.0.0
2025-04-07T16:32:10.091579+00:00 Debian Oval Importer Affected by VCID-zk2g-37wy-aaah None 36.0.0
2025-04-07T16:21:08.392711+00:00 Debian Oval Importer Affected by VCID-hg6a-nnf7-aaan None 36.0.0
2025-04-07T13:49:21.464822+00:00 Debian Oval Importer Affected by VCID-qccg-re6f-aaaf None 36.0.0
2025-04-07T13:27:50.279761+00:00 Debian Oval Importer Affected by VCID-869c-shsa-aaad None 36.0.0
2025-04-07T12:48:39.135341+00:00 Debian Oval Importer Affected by VCID-xmbp-1n9r-aaab None 36.0.0