VulnerableCode Package Details - pkg:deb/debian/lxml@2.2.8-2%2Bdeb6u1

Search for packages

Package details: pkg:deb/debian/lxml@2.2.8-2%2Bdeb6u1

Essentials
History (20)

purl	pkg:deb/debian/lxml@2.2.8-2%2Bdeb6u1

Next non-vulnerable version	4.9.2-1
Latest non-vulnerable version	4.9.2-1
Risk	10.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-44yg-s35j-93gc Aliases: CVE-2014-3146 GHSA-57qw-cc2g-pv5p PYSEC-2014-9		2.3.2-1+deb7u1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.4.0-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-54y7-7cf3-k3hz Aliases: DSA-4810-2 lxml	regression update	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-63wu-4us2-ckew Aliases: CVE-2021-43818 GHSA-55x5-fj6c-h6m8 PYSEC-2021-852	cross-site scripting	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.6.3+dfsg-0.1+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-66uv-czd7-vudr Aliases: CVE-2018-19787 GHSA-xp26-p53h-6h2p PYSEC-2018-12	An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-eebj-dxtn-u3ep Aliases: CVE-2020-27783 GHSA-pgww-xf46-h92r PYSEC-2020-62	cross-site scripting	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.6.3+dfsg-0.1+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wjdb-errb-17b6 Aliases: CVE-2021-28957 GHSA-jq4v-f5q6-mjqq PYSEC-2021-19	insufficient validation	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.6.3+dfsg-0.1+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-05T16:04:13.016588+00:00	Debian Oval Importer	Affected by	VCID-eebj-dxtn-u3ep	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-05T12:56:58.340511+00:00	Debian Oval Importer	Affected by	VCID-wjdb-errb-17b6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-05T12:10:43.586755+00:00	Debian Oval Importer	Affected by	VCID-63wu-4us2-ckew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-05T03:07:31.104443+00:00	Debian Oval Importer	Affected by	VCID-66uv-czd7-vudr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-04T21:35:38.167654+00:00	Debian Oval Importer	Affected by	VCID-wjdb-errb-17b6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-07-04T06:52:33.040275+00:00	Debian Oval Importer	Affected by	VCID-44yg-s35j-93gc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-04T01:12:52.171081+00:00	Debian Oval Importer	Affected by	VCID-63wu-4us2-ckew	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-07-04T00:52:29.561900+00:00	Debian Oval Importer	Affected by	VCID-54y7-7cf3-k3hz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-07-04T00:36:15.687580+00:00	Debian Oval Importer	Affected by	VCID-eebj-dxtn-u3ep	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-07-03T16:55:47.073225+00:00	Debian Oval Importer	Affected by	VCID-44yg-s35j-93gc	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-07-02T04:40:37.209148+00:00	Debian Oval Importer	Affected by	VCID-eebj-dxtn-u3ep	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-02T03:15:05.374906+00:00	Debian Oval Importer	Affected by	VCID-wjdb-errb-17b6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-02T02:49:06.647808+00:00	Debian Oval Importer	Affected by	VCID-63wu-4us2-ckew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-01T23:00:40.776058+00:00	Debian Oval Importer	Affected by	VCID-66uv-czd7-vudr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-01T22:14:51.876825+00:00	Debian Oval Importer	Affected by	VCID-44yg-s35j-93gc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-01T20:59:00.781397+00:00	Debian Oval Importer	Affected by	VCID-wjdb-errb-17b6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-07-01T20:48:32.273811+00:00	Debian Oval Importer	Affected by	VCID-63wu-4us2-ckew	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-07-01T20:38:36.948833+00:00	Debian Oval Importer	Affected by	VCID-54y7-7cf3-k3hz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-07-01T20:32:39.499138+00:00	Debian Oval Importer	Affected by	VCID-eebj-dxtn-u3ep	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-07-01T19:01:15.735256+00:00	Debian Oval Importer	Affected by	VCID-44yg-s35j-93gc	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	36.1.3