Debian Webkit2Gtk vulnerabilities
678 known vulnerabilities affecting debian/webkit2gtk.
Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275
Vulnerabilities
Page 29 of 34
CVE-2025-31205P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.48.3-1~deb12u1 (bookworm)2025
CVE-2025-31205 [MEDIUM] CVE-2025-31205: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in Safari 18.5...
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.
Scope: local
bookworm: resolved (fixed in 2.48.3-1~deb12u1)
bullseye: resolved (fixed in 2.48.3-1~deb11u1)
forky: resolved (fixed in 2.48.2-1)
debian
CVE-2018-4273P4LOWCVSS 6.5fixed in webkit2gtk 2.20.4-1 (bookworm)2018
CVE-2018-4273 [MEDIUM] CVE-2018-4273: webkit2gtk - Multiple memory corruption issues were addressed with improved input validation....
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
Scope: local
bookworm: resolved (fixed in 2.20.4-1)
bullseye: resolved (fixed in 2.20.4-1)
forky: resolved (fixed in 2.20.4-1)
sid: resolved (
debian
CVE-2018-4270P4LOWCVSS 6.5fixed in webkit2gtk 2.20.4-1 (bookworm)2018
CVE-2018-4270 [MEDIUM] CVE-2018-4270: webkit2gtk - A memory corruption issue was addressed with improved memory handling. This issu...
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
Scope: local
bookworm: resolved (fixed in 2.20.4-1)
bullseye: resolved (fixed in 2.20.4-1)
forky: resolved (fixed in 2.20.4-1)
sid: resolved (fixed in 2
debian
CVE-2017-7011P4LOWCVSS 6.5fixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-7011 [MEDIUM] CVE-2017-7011: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected...
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.
Scope: local
bookworm: resolved (fixed in 2.16.3-2)
bullseye: resolved (fixed in 2.16.3-2)
forky: resolve
debian
CVE-2024-40866P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.46.0-2~deb12u1 (bookworm)2024
CVE-2024-40866 [MEDIUM] CVE-2024-40866: webkit2gtk - The issue was addressed with improved UI. This issue is fixed in Safari 18, macO...
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
Scope: local
bookworm: resolved (fixed in 2.46.0-2~deb12u1)
bullseye: resolved (fixed in 2.46.3-1~deb11u2)
forky: resolved (fixed in 2.46.0-1)
sid: resolved (fixed in 2.46.0-1)
trixie: resolved (fixed in 2.
debian
CVE-2024-23271P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.42.5-1~deb12u1 (bookworm)2024
CVE-2024-23271 [MEDIUM] CVE-2024-23271: webkit2gtk - A logic issue was addressed with improved checks. This issue is fixed in Safari ...
A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.
Scope: local
bookworm: resolved (fixed in 2.42.5-1~deb12u1)
bullseye: resolved (fixed in 2.42.5-1~deb11u1)
forky: resolved (fixed in 2.42.5-1)
debian
CVE-2024-27834P4MEDIUMCVSS 5.5fixed in webkit2gtk 2.44.2-1~deb12u1 (bookworm)2024
CVE-2024-27834 [MEDIUM] CVE-2024-27834: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in Safari 17.5...
The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Scope: local
bookworm: resolved (fixed in 2.44.2-1~deb12u1)
bullseye: resolved (fi
debian
CVE-2017-7038P4LOWCVSS 6.1fixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-7038 [MEDIUM] CVE-2017-7038: webkit2gtk - A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3....
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
Scope: local
bookworm: resolved (fixed in 2.16.3-2)
bullseye: resolved (fixed in 2.16.3-2)
forky: resolved (fixed in 2.16.3-2)
sid: resolved (fixed in 2.16.3-2)
debian
CVE-2018-4271P4LOWCVSS 6.5fixed in webkit2gtk 2.20.2-1 (bookworm)2018
CVE-2018-4271 [MEDIUM] CVE-2018-4271: webkit2gtk - Multiple memory corruption issues were addressed with improved input validation....
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
Scope: local
bookworm: resolved (fixed in 2.20.2-1)
bullseye: resolved (fixed in 2.20.2-1)
forky: resolved (fixed in 2.20.2-1)
sid: resolved (
debian
CVE-2021-45482P4HIGHCVSS 8.8fixed in webkit2gtk 2.32.4-1 (bookworm)2021
CVE-2021-45482 [HIGH] CVE-2021-45482: webkit2gtk - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode:...
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889.
Scope: local
bookworm: resolved (fixed in 2.32.4-1)
bullseye: resolved (fixed in 2.32.4-1~deb11u1)
forky: resolved (fixed in 2.32.4-1)
sid: resolved (fixed in 2.32.4-1)
trixie: resolved (fixed in 2.32.4-1)
debian
CVE-2022-0108P4MEDIUMCVSS 6.5fixed in chromium 97.0.4692.71-0.1 (bookworm)2022
CVE-2022-0108 [MEDIUM] CVE-2022-0108: chromium - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.7...
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trixie:
debian
CVE-2017-2475P4LOWCVSS 6.1fixed in webkit2gtk 2.14.6-1 (bookworm)2017
CVE-2017-2475 [MEDIUM] CVE-2017-2475: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3 is affected. ...
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.
Scope: local
bookworm: resolved (fixed in 2.14.6-1)
bullseye: resolved (
debian
CVE-2021-1825P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.30.1-1 (bookworm)2021
CVE-2021-1825 [MEDIUM] CVE-2021-1825: webkit2gtk - An input validation issue was addressed with improved input validation. This iss...
An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack.
Scope: local
bookworm: resolved (fixed in 2.30.1
debian
CVE-2020-3867P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.26.4-1 (bookworm)2020
CVE-2020-3867 [MEDIUM] CVE-2020-3867: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.26.4-1)
bullsey
debian
CVE-2021-30890P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.34.3-1 (bookworm)2021
CVE-2021-30890 [MEDIUM] CVE-2021-30890: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.34.3-1)
bullseye: resolved (fixed in 2.34.3-1~deb11u1)
forky: resolved (fixe
debian
CVE-2018-4266P4LOWCVSS 5.9fixed in webkit2gtk 2.20.4-1 (bookworm)2018
CVE-2018-4266 [MEDIUM] CVE-2018-4266: webkit2gtk - A race condition was addressed with additional validation. This issue affected v...
A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
Scope: local
bookworm: resolved (fixed in 2.20.4-1)
bullseye: resolved (fixed in 2.20.4-1)
forky: resolved (fixed in 2.20.4-1)
sid: resolved (fixe
debian
CVE-2019-8658P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.24.4-1 (bookworm)2019
CVE-2019-8658 [MEDIUM] CVE-2019-8658: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.24.
debian
CVE-2017-2549P4LOWCVSS 6.1fixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-2549 [MEDIUM] CVE-2017-2549: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected...
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading.
Scope: local
bookworm: resolved (fixed
debian
CVE-2020-9925P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.28.4-1 (bookworm)2020
CVE-2020-9925 [MEDIUM] CVE-2020-9925: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.28.4
debian
CVE-2024-40785P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm)2024
CVE-2024-40785 [MEDIUM] CVE-2024-40785: webkit2gtk - This issue was addressed with improved checks. This issue is fixed in Safari 17....
This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
bullseye: resolved (
debian