Search for packages
Package details: pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u2
purl pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u2
Next non-vulnerable version 1.26.3-3
Latest non-vulnerable version 1.26.3-3
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-c4d1-jsqh-hban
Aliases:
CVE-2023-44487
GHSA-qppj-fm5r-hxr3
VSV00013
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
1.26.3-3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-2tuc-3v8j-xudn ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. CVE-2020-36309
VCID-4bgm-zbwp-qbab SSL session reuse vulnerability CVE-2025-23419
VCID-nzr2-bv2u-v7hr NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. CVE-2024-7347
VCID-xa13-bcwk-wycb lua-nginx-module: HTTP request smuggling via a crafted HEAD request CVE-2024-33452

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-05T09:28:34.125105+00:00 Debian Oval Importer Fixing VCID-xa13-bcwk-wycb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T03:28:06.378143+00:00 Debian Oval Importer Fixing VCID-nzr2-bv2u-v7hr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T02:13:44.862217+00:00 Debian Oval Importer Fixing VCID-4bgm-zbwp-qbab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-04T07:37:22.460540+00:00 Debian Oval Importer Fixing VCID-2tuc-3v8j-xudn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-03T17:00:11.110601+00:00 Debian Importer Affected by VCID-c4d1-jsqh-hban https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-07-02T01:25:26.788655+00:00 Debian Oval Importer Fixing VCID-xa13-bcwk-wycb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-01T23:08:13.446994+00:00 Debian Oval Importer Fixing VCID-nzr2-bv2u-v7hr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-01T22:53:56.351294+00:00 Debian Oval Importer Fixing VCID-4bgm-zbwp-qbab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-01T22:33:39.010207+00:00 Debian Oval Importer Fixing VCID-2tuc-3v8j-xudn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-01T15:48:20.970846+00:00 Debian Importer Affected by VCID-c4d1-jsqh-hban https://security-tracker.debian.org/tracker/data/json 36.1.3