cvebase

Debian Webkit2Gtk vulnerabilities

678 known vulnerabilities affecting debian/webkit2gtk.

Total CVEs: 678
CISA KEV: 38 (actively exploited)
Public exploits: 113
Exploited in wild: 53
Severity breakdown: CRITICAL 14, HIGH 239, MEDIUM 150, LOW 275

Vulnerabilities

Page 34 of 34
CVE-2022-32919 | P4 | MEDIUM | CVSS 4.7 | fixed in webkit2gtk 2.38.4-1 (bookworm) | 2022
[MEDIUM] webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
Scope: local; bookworm: resolved (fixed in 2.38.4-1); bullseye: resolved (fixed in 2.38.4-2~deb11u1); forky: resolved (fixed in 2.38.4-1); sid: resolved (fixed in 2.38.4-1)
debian
CVE-2025-43228 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm) | 2025
[MEDIUM] webkit2gtk - The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing.
Scope: local; bookworm: resolved (fixed in 2.48.5-1~deb12u1); bullseye: resolved (fixed in 2.48.5-1~deb11u1); forky: resolved (fixed in 2.48.5-1); sid: resolved (fixed in 2.48.5-1); trixie: resolved (f
debian
CVE-2025-24216 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.48.1-2~deb12u1 (bookworm) | 2025
[MEDIUM] webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local; bookworm: resolved (fixed in 2.48.1-2~deb12u1); bullseye: resolved (fixed in
debian
CVE-2025-43421 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.3-1~deb12u1 (bookworm) | 2025
[MEDIUM] webkit2gtk - Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local; bookworm: resolved (fixed in 2.50.3-1~deb12u1); bullseye: resolved (fixed in 2.50.3-1~deb11u1); forky:
debian
CVE-2026-28861 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.52.1-1 (sid) | 2026
[MEDIUM] webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.
Scope: local; bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 2.52.
debian
CVE-2026-28871 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.52.1-1 (sid) | 2026
[MEDIUM] webkit2gtk - A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.
Scope: local; bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 2.52.1-1); trixie: open
debian
CVE-2025-46299 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.52.0-1 (sid) | 2025
[MEDIUM] webkit2gtk - A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Scope: local; bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 2.52.
debian
CVE-2018-4278 | P4 | LOW | CVSS 4.3 | fixed in webkit2gtk 2.20.4-1 (bookworm) | 2018
[MEDIUM] webkit2gtk - In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
Scope: local; bookworm: resolved (fixed in 2.20.4-1); bullseye: resolved (fixed in 2.20.4-1); forky: resolved
debian
CVE-2019-8769 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.26.0-1 (bookworm) | 2019
[MEDIUM] webkit2gtk - An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.
Scope: local; bookworm: resolved (fixed in 2.26.0-1); bullseye: resolved (fixed in 2.26.0-1); forky: resolved (fixed in 2.26.0-1)
debian
CVE-2023-42843 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm) | 2023
[MEDIUM] webkit2gtk - An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
Scope: local; bookworm: resolved (fixed in 2.44.1-1~deb12u1); bullseye: resolved (fixed in 2.44.1-1~deb11u1)
debian
CVE-2025-43392 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
[MEDIUM] webkit2gtk - The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.
Scope: local; bookworm: resolved (fixed in 2.50.2-1~deb12u1); bullseye: resolved (fixed in 2.50.2-1~deb11u1
debian
CVE-2026-20691 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.52.1-1 (sid) | 2026
[MEDIUM] webkit2gtk - An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.
Scope: local; bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 2.52.1-1); trixie: open
debian
CVE-2022-22677 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.36.4-1 (bookworm) | 2022
[MEDIUM] webkit2gtk - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
Scope: local; bookworm: resolved (fixed in 2.36.4-1); bullseye: resolved (fixed in 2.36.4-1~deb11u1); forky: reso
debian
CVE-2022-46725 | P4 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.38.4-1 (bookworm) | 2022
[MEDIUM] webkit2gtk - A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
Scope: local; bookworm: resolved (fixed in 2.38.4-1); bullseye: resolved (fixed in 2.38.4-2~deb11u1); forky: resolved (fixed in 2.38.4-1); sid: reso
debian
CVE-2025-43265 | P4 | MEDIUM | CVSS 4.0 | fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm) | 2025
[MEDIUM] webkit2gtk - An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.
Scope: local; bookworm: resolved (fixed in 2.48.5-1~deb12u1); bullseye: resolved (fixed in 2
debian
CVE-2020-3894 | P4 | LOW | CVSS 3.1 | fixed in webkit2gtk 2.28.0-2 (bookworm) | 2020
[LOW] webkit2gtk - A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.
Scope: local; bookworm: resolved (fixed in 2.28.0-2); bullseye: resolved (fixed in 2.28.0-2); forky: reso
debian
CVE-2025-43531 | P4 | LOW | CVSS 3.1 | fixed in webkit2gtk 2.50.4-1~deb12u1 (bookworm) | 2025
[LOW] webkit2gtk - A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local; bookworm: resolved (fixed in 2.50.4-1~deb12u1); bullseye: r
debian
CVE-2020-29623 | P4 | LOW | CVSS 3.3 | fixed in webkit2gtk 2.30.6-1 (bookworm) | 2020
[LOW] webkit2gtk - "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
Scope: local; bookworm: resolved (fixed in 2.30.6-1
debian