Debian Webkit2Gtk vulnerabilities
678 known vulnerabilities affecting debian/webkit2gtk.
Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275
Vulnerabilities
Page 31 of 34
CVE-2021-1826P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.30.1-1 (bookworm)2021
CVE-2021-1826 [MEDIUM] CVE-2021-1826: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in m...
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.30.1-1)
bullseye: resolved (fixed in 2.30.1-1)
forky: resolved (fixed in 2.30.1-1)
si
debian
CVE-2017-7006P4LOWCVSS 5.3fixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-7006 [MEDIUM] CVE-2017-7006: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected...
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filt
debian
CVE-2024-40794P4MEDIUMCVSS 5.3fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm)2024
CVE-2024-40794 [MEDIUM] CVE-2024-40794: webkit2gtk - This issue was addressed through improved state management. This issue is fixed ...
This issue was addressed through improved state management. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Private Browsing tabs may be accessed without authentication.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
bullseye: resolved (fixed in 2.44.3-1~deb11u1)
forky: resolved (fixed in 2.44.3-1)
sid: resolved (fi
debian
CVE-2024-44296P4MEDIUMCVSS 5.4fixed in webkit2gtk 2.46.3-1~deb12u1 (bookworm)2024
CVE-2024-44296 [MEDIUM] CVE-2024-44296: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in Safari 18.1...
The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Scope: local
bookworm: resolved (fixed in 2.46.3-1~deb12u1)
bullse
debian
CVE-2020-9894P4MEDIUMCVSS 4.3fixed in webkit2gtk 2.28.4-1 (bookworm)2020
CVE-2020-9894 [MEDIUM] CVE-2020-9894: webkit2gtk - An out-of-bounds read was addressed with improved input validation. This issue i...
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Scope: local
bookworm: r
debian
CVE-2016-4743P4LOWCVSS 7.1fixed in webkit2gtk 2.14.3-1 (bookworm)2016
CVE-2016-4743 [HIGH] CVE-2016-4743: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2 is affected. ...
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application cr
debian
CVE-2018-4309P4LOWCVSS 6.1fixed in webkit2gtk 2.22.0-2 (bookworm)2018
CVE-2018-4309 [MEDIUM] CVE-2018-4309: webkit2gtk - A cross-site scripting issue existed in Safari. This issue was addressed with im...
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Scope: local
bookworm: resolved (fixed in 2.22.0-2)
bullseye: resolved (fixed in 2.22.0-2)
forky: resolved (fixed in 2.22.0-2)
sid: resolved (fixed
debian
CVE-2018-4345P4LOWCVSS 6.1fixed in webkit2gtk 2.22.3-1 (bookworm)2018
CVE-2018-4345 [MEDIUM] CVE-2018-4345: webkit2gtk - A cross-site scripting issue existed in Safari. This issue was addressed with im...
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Scope: local
bookworm: resolved (fixed in 2.22.3-1)
bullseye: resolved (fixed in 2.22.3-1)
forky: resolved (fixed in 2.22.3-1)
sid: resolved (fixed
debian
CVE-2019-8674P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.24.4-1 (bookworm)2019
CVE-2019-8674 [MEDIUM] CVE-2019-8674: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.24.4-1)
bullseye: resolved (fixed in 2.24.4-1)
forky: resolved (fixed in 2.24.4-1)
sid: resolved (fixed in 2.24.4-1)
trixie: resolve
debian
CVE-2025-24208P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.48.1-2~deb12u1 (bookworm)2025
CVE-2025-24208 [MEDIUM] CVE-2025-24208: webkit2gtk - A permissions issue was addressed with additional restrictions. This issue is fi...
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
Scope: local
bookworm: resolved (fixed in 2.48.1-2~deb12u1)
bullseye: resolved (fixed in 2.48.3-1~deb11u1)
forky: resolved (fixed in 2.48.1-1)
sid: resolved (fixed in
debian
CVE-2017-7142P4LOWCVSS 5.3fixed in webkit2gtk 2.18.1-1 (bookworm)2017
CVE-2017-7142 [MEDIUM] CVE-2017-7142: webkit2gtk - An issue was discovered in certain Apple products. Safari before 11 is affected....
An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.
Scope: local
bookworm: resolved (fixed in 2.18.1-1)
bullseye: resolved (fixed in 2
debian
CVE-2019-8768P4MEDIUMCVSS 5.3fixed in webkit2gtk 2.24.0-1 (bookworm)2019
CVE-2019-8768 [MEDIUM] CVE-2019-8768: webkit2gtk - "Clear History and Website Data" did not clear the history. The issue was addres...
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.
Scope: local
bookworm: resolved (fixed in 2.24.0-1)
bullseye: resolved (fixed in 2.24.0-1)
forky: resolved (fixed in 2.24.0-1)
sid: resolved (fixed in 2
debian
CVE-2022-32933P4MEDIUMCVSS 5.3fixed in webkit2gtk 2.38.0-1 (bookworm)2022
CVE-2022-32933 [MEDIUM] CVE-2022-32933: webkit2gtk - An information disclosure issue was addressed by removing the vulnerable code. T...
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.
Scope: local
bookworm: resolved (fixed in 2.38.0-1)
bullseye: resolved (fixed in 2.38.0-1~deb11u1)
forky: resolved (fixed in 2.38.0-1)
sid: resolved
debian
CVE-2026-20676P4MEDIUMCVSS 5.3fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm)2026
CVE-2026-20676 [MEDIUM] CVE-2026-20676: webkit2gtk - This issue was addressed through improved state management. This issue is fixed ...
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
Scope: local
bookworm: resolved (fixed in 2.50.6-1~deb12u1)
bullseye: open
forky: resolved (fixed in 2.50.6-1)
sid: resolved (fixed in 2.50.
debian
CVE-2021-42762P4HIGHCVSS 8.8fixed in webkit2gtk 2.34.1-1 (bookworm)2021
CVE-2021-42762 [HIGH] CVE-2021-42762: webkit2gtk - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limite...
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mo
debian
CVE-2019-8764P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.26.0-1 (bookworm)2019
CVE-2019-8764 [MEDIUM] CVE-2019-8764: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.26.0-1)
bullseye: resolved (fixed in 2.26.0-1)
forky: resolved (fixed in 2.26.0-1)
sid: resolved (fixed in 2.26.0-1)
trixie: resolved (fix
debian
CVE-2017-7109P4LOWCVSS 6.1fixed in webkit2gtk 2.18.1-1 (bookworm)2017
CVE-2017-7109 [MEDIUM] CVE-2017-7109: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11 is affected. Sa...
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or
debian
CVE-2017-7059P4LOWCVSS 6.1fixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-7059 [MEDIUM] CVE-2017-7059: webkit2gtk - A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3....
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
Scope: local
bookworm: resolved (fixed in 2.16.3-2)
bullseye: resolved (fixed in 2.16.3-2)
forky: resolved (fixed in 2.16.3-2)
sid: resolved (fixed in 2.16.3-2)
debian
CVE-2022-32891P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.36.6-1 (bookworm)2022
CVE-2022-32891 [MEDIUM] CVE-2022-32891: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in Safari...
The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.
Scope: local
bookworm: resolved (fixed in 2.36.6-1)
bullseye: resolved (fixed in 2.36.6-1~deb11u1)
forky: resolved (fixed in 2.36.6-1)
sid: resolved (fixed in 2.36.6-1)
trixie:
debian
CVE-2021-30682P4MEDIUMCVSS 5.5fixed in webkit2gtk 2.32.0-2 (bookworm)2021
CVE-2021-30682 [MEDIUM] CVE-2021-30682: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in t...
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.
Scope: local
bookworm: resolved (fixed in 2.32.0-2)
bullseye: resolved (fixed in 2.32.0-2)
forky: resolved (fixed in 2.32.0-2)
debian