VulnerableCode Package Details - pkg:deb/debian/lxml@2.3.2-1%2Bdeb7u1

Search for packages

Package details: pkg:deb/debian/lxml@2.3.2-1%2Bdeb7u1

Essentials
History (20)

purl	pkg:deb/debian/lxml@2.3.2-1%2Bdeb7u1

Next non-vulnerable version	4.9.2-1
Latest non-vulnerable version	4.9.2-1
Risk	10.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-44yg-s35j-93gc Aliases: CVE-2014-3146 GHSA-57qw-cc2g-pv5p PYSEC-2014-9		3.4.0-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-54y7-7cf3-k3hz Aliases: DSA-4810-2 lxml	regression update	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-63wu-4us2-ckew Aliases: CVE-2021-43818 GHSA-55x5-fj6c-h6m8 PYSEC-2021-852	cross-site scripting	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.6.3+dfsg-0.1+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-66uv-czd7-vudr Aliases: CVE-2018-19787 GHSA-xp26-p53h-6h2p PYSEC-2018-12	An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-eebj-dxtn-u3ep Aliases: CVE-2020-27783 GHSA-pgww-xf46-h92r PYSEC-2020-62	cross-site scripting	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.6.3+dfsg-0.1+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wjdb-errb-17b6 Aliases: CVE-2021-28957 GHSA-jq4v-f5q6-mjqq PYSEC-2021-19	insufficient validation	4.3.2-1+deb10u4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.6.3+dfsg-0.1+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-44yg-s35j-93gc		CVE-2014-3146 GHSA-57qw-cc2g-pv5p PYSEC-2014-9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-05T16:04:13.018268+00:00	Debian Oval Importer	Affected by	VCID-eebj-dxtn-u3ep	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-05T12:56:58.341997+00:00	Debian Oval Importer	Affected by	VCID-wjdb-errb-17b6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-05T12:10:43.588272+00:00	Debian Oval Importer	Affected by	VCID-63wu-4us2-ckew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-05T03:07:31.106241+00:00	Debian Oval Importer	Affected by	VCID-66uv-czd7-vudr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-04T21:35:38.169370+00:00	Debian Oval Importer	Affected by	VCID-wjdb-errb-17b6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-07-04T06:52:33.041773+00:00	Debian Oval Importer	Affected by	VCID-44yg-s35j-93gc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-07-04T01:12:52.172856+00:00	Debian Oval Importer	Affected by	VCID-63wu-4us2-ckew	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-07-04T00:52:29.563645+00:00	Debian Oval Importer	Affected by	VCID-54y7-7cf3-k3hz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-07-04T00:36:15.689088+00:00	Debian Oval Importer	Affected by	VCID-eebj-dxtn-u3ep	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-07-03T16:55:47.074872+00:00	Debian Oval Importer	Fixing	VCID-44yg-s35j-93gc	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-07-02T04:40:37.210660+00:00	Debian Oval Importer	Affected by	VCID-eebj-dxtn-u3ep	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-02T03:15:05.376396+00:00	Debian Oval Importer	Affected by	VCID-wjdb-errb-17b6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-02T02:49:06.649271+00:00	Debian Oval Importer	Affected by	VCID-63wu-4us2-ckew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-01T23:00:40.777843+00:00	Debian Oval Importer	Affected by	VCID-66uv-czd7-vudr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-01T22:14:51.878489+00:00	Debian Oval Importer	Affected by	VCID-44yg-s35j-93gc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-07-01T20:59:00.783039+00:00	Debian Oval Importer	Affected by	VCID-wjdb-errb-17b6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-07-01T20:48:32.275876+00:00	Debian Oval Importer	Affected by	VCID-63wu-4us2-ckew	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-07-01T20:38:36.950509+00:00	Debian Oval Importer	Affected by	VCID-54y7-7cf3-k3hz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-07-01T20:32:39.500806+00:00	Debian Oval Importer	Affected by	VCID-eebj-dxtn-u3ep	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-07-01T19:01:15.737898+00:00	Debian Oval Importer	Fixing	VCID-44yg-s35j-93gc	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	36.1.3