Debian Webkit2Gtk vulnerabilities
678 known vulnerabilities affecting debian/webkit2gtk.
Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275
Vulnerabilities
Page 28 of 34
CVE-2025-31215P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.48.3-1~deb12u1 (bookworm)2025
CVE-2025-31215 [MEDIUM] CVE-2025-31215: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in Safari 18.5...
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.48.3-1~deb12u1)
bullseye: resolved (fixed in 2.48.3-1
debian
CVE-2025-43440P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm)2025
CVE-2025-43440 [MEDIUM] CVE-2025-43440: webkit2gtk - This issue was addressed with improved checks. This issue is fixed in Safari 26....
This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: resolved (fixed in 2.50.2-1~deb11u1)
forky
debian
CVE-2026-20636P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm)2026
CVE-2026-20636 [MEDIUM] CVE-2026-20636: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa...
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.6-1~deb12u1)
bullseye: open
forky: resolved (fixed in 2.50.6-1)
sid: resolved (fix
debian
CVE-2026-20644P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm)2026
CVE-2026-20644 [MEDIUM] CVE-2026-20644: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa...
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.6-1~deb12u1)
bullseye: open
forky: resolved (fixed i
debian
CVE-2015-7096P4LOWCVSS 6.8fixed in webkit2gtk 2.10.5-1 (bookworm)2015
CVE-2015-7096 [MEDIUM] CVE-2015-7096: webkit2gtk - WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows ...
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-71
debian
CVE-2015-7098P4LOWCVSS 6.8fixed in webkit2gtk 2.10.5-1 (bookworm)2015
CVE-2015-7098 [MEDIUM] CVE-2015-7098: webkit2gtk - WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows ...
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-71
debian
CVE-2018-4113P4LOWCVSS 6.5fixed in webkit2gtk 2.20.0-2 (bookworm)2018
CVE-2018-4113 [MEDIUM] CVE-2018-4113: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11.3 is affected. ...
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger a
debian
CVE-2016-7623P4LOWCVSS 6.5fixed in webkit2gtk 2.14.3-1 (bookworm)2016
CVE-2016-7623 [MEDIUM] CVE-2016-7623: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2 is affected. ...
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site.
Scope: local
bookworm: resolved (fixed in 2.14.3-1)
bullseye: resolved (fixed in 2.14.3-1)
forky: resolved (fixed in 2.
debian
CVE-2018-11713P4LOWCVSS 6.5fixed in webkit2gtk 2.20.0-2 (bookworm)2018
CVE-2018-11713 [MEDIUM] CVE-2018-11713: webkit2gtk - WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup netw...
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
Scope: local
bookworm
debian
CVE-2022-22592P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.34.5-1 (bookworm)2022
CVE-2022-22592 [MEDIUM] CVE-2022-22592: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Scope: local
bookworm: resolved (fixed in 2.34.5-1)
bullseye: resolved (fixed in 2.34.6-1~deb11u
debian
CVE-2025-24158P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.46.6-1~deb12u1 (bookworm)2025
CVE-2025-24158 [MEDIUM] CVE-2025-24158: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa...
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.
Scope: local
bookworm: resolved (fixed in 2.46.6-1~deb12u1)
bullseye: resolved (fixed in 2.46.6-1~deb11u1)
forky: resolved (fixed i
debian
CVE-2023-41983P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.42.2-1~deb12u1 (bookworm)2023
CVE-2023-41983 [MEDIUM] CVE-2023-41983: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in ma...
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.
Scope: local
bookworm: resolved (fixed in 2.42.2-1~deb12u1)
bullseye: resolved (fixed in 2.42.2-1~deb11u1)
forky: resolved (fixed in 2.42.2-1
debian
CVE-2022-22662P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.36.0-1 (bookworm)2022
CVE-2022-22662 [MEDIUM] CVE-2022-22662: webkit2gtk - A cookie management issue was addressed with improved state management. This iss...
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.
Scope: local
bookworm: resolved (fixed in 2.36.0-1)
bullseye: resolved (fixed in 2.36.0-3~deb11u1)
forky: resolved (fixed in 2.
debian
CVE-2022-22589P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.34.5-1 (bookworm)2022
CVE-2022-22589 [MEDIUM] CVE-2022-22589: webkit2gtk - A validation issue was addressed with improved input sanitization. This issue is...
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.
Scope: local
bookworm: resolved (fixed in 2.34.5-1)
bullseye: resolved (fixed in 2.34.6-1~deb11u1)
fo
debian
CVE-2025-24162P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.46.6-1~deb12u1 (bookworm)2025
CVE-2025-24162 [MEDIUM] CVE-2025-24162: webkit2gtk - This issue was addressed through improved state management. This issue is fixed ...
This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.46.6-1~deb12u1)
bullseye: resolved (fixed in 2.46.6-1~
debian
CVE-2023-27954P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.40.1-1 (bookworm)2023
CVE-2023-27954 [MEDIUM] CVE-2023-27954: webkit2gtk - The issue was addressed by removing origin information. This issue is fixed in m...
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.
Scope: local
bookworm: resolved (fixed in 2.40.1-1)
bullseye: resolved (fixed in 2.40.1-1~deb11u1)
forky: resolv
debian
CVE-2017-7153P4LOWCVSS 6.1fixed in webkit2gtk 2.18.6-1 (bookworm)2017
CVE-2017-7153 [MEDIUM] CVE-2017-7153: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11.2 is affected. ...
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface informat
debian
CVE-2023-38599P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.40.5-1~deb12u1 (bookworm)2023
CVE-2023-38599 [MEDIUM] CVE-2023-38599: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.
Scope: local
bookworm: resolved (fixed in 2.40.5-1~deb12u1)
bullseye: resolved (fixed in 2.40.5-1~deb11u1)
f
debian
CVE-2022-22594P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.34.4-1 (bookworm)2022
CVE-2022-22594 [MEDIUM] CVE-2022-22594: webkit2gtk - A cross-origin issue in the IndexDB API was addressed with improved input valida...
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.
Scope: local
bookworm: resolved (fixed in 2.34.4-1)
bullseye: resolved (fixed in 2.34.4-1~deb11u1)
forky: resol
debian
CVE-2024-54467P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.48.0-1~deb12u1 (bookworm)2024
CVE-2024-54467 [MEDIUM] CVE-2024-54467: webkit2gtk - A cookie management issue was addressed with improved state management. This iss...
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.
Scope: local
bookworm: resolved (fixed in 2.48.0-1~deb12u1)
bullseye: resolved (fixed in 2.48.3-1~deb11u1)
forky: resolved (fixed
debian