pkg:Debian/nginx

89 total CVEsCRITICAL4HIGH33MEDIUM22LOW1

✅ Check your installed version

All known vulnerabilities

  • MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
    from 0
  • CRITICAL9.8CVE-2009-3555pound - security update
    from 0, < 0.7.64-1
  • CRITICAL9.8CVE-2017-20005nginx - security update
    from 0, < 1.13.6-1
  • CRITICAL9.8CVE-2017-20005nginx - security update
    from 0, < 1.10.3-1+deb9u7
  • CRITICAL9.8CVE-2016-0746Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denia…
    from 0, < 1.9.10-1
  • HIGH8.2CVE-2026-27654NGINX ngx_http_dav_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • HIGH7.8CVE-2026-32647NGINX ngx_http_mp4_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • HIGH7.8CVE-2022-41741NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
    from 0, < 1.18.0-6.1+deb11u3
  • HIGH7.8CVE-2022-41741NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
    from 0, < 1.18.0-6.1+deb11u3
  • HIGH7.8CVE-2016-1247nginx - security update
    from 0, < 1.6.2-5+deb8u3
  • HIGH7.8CVE-2016-1247nginx - security update
    from 0, < 1.10.2-1
  • HIGH7.7CVE-2024-33452An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD r…
    from 0, < 1.18.0-6.1+deb11u5
  • HIGH7.7CVE-2021-23017nginx - security update
    from 0, < 1.10.3-1+deb9u6
  • HIGH7.7CVE-2021-23017nginx - security update
    from 0, < 1.18.0-6.1
  • HIGH7.7CVE-2021-23017nginx - security update
    from 0, < 1.14.2-2+deb10u4
  • HIGH7.5CVE-2026-27651NGINX ngx_mail_auth_http_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • HIGH7.5CVE-2024-24990NGINX HTTP/3 QUIC vulnerability
    from 0, < 1.26.0-1
  • HIGH7.5CVE-2024-24989NGINX HTTP/3 QUIC vulnerability
    from 0, < 1.26.0-1
  • HIGH7.5CVE-2020-11724nginx - security update
    from 0, < 1.18.0-5
  • HIGH7.5CVE-2020-11724nginx - security update
    from 0, < 1.14.2-2+deb10u3
  • HIGH7.5CVE-2020-11724nginx - security update
    from 0, < 1.10.3-1+deb9u5
  • HIGH7.5CVE-2019-9513Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service.
    from 0, < 1.14.2-3
  • HIGH7.5CVE-2019-9511nghttp2 - security update
    from 0, < 1.10.3-1+deb9u3
  • HIGH7.5CVE-2019-9511nghttp2 - security update
    from 0, < 1.14.2-3
  • HIGH7.5CVE-2018-16844nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage.
    from 0, < 1.14.1-1
  • HIGH7.5CVE-2018-16843nginx - security update
    from 0, < 1.14.1-1
  • HIGH7.5CVE-2018-16843nginx - security update
    from 0, < 1.10.3-1+deb9u2
  • HIGH7.5CVE-2017-7529nginx - security update
    from 0, < 1.13.3-1
  • HIGH7.5CVE-2017-7529nginx - security update
    from 0, < 1.2.1-2.2+wheezy4+deb7u1
  • HIGH7.5CVE-2017-7529nginx - security update
    from 0, < 1.6.2-5+deb8u5
  • HIGH7.5CVE-2016-4450nginx - security update
    from 0, < 1.6.2-5+deb8u2
  • HIGH7.5CVE-2016-4450nginx - security update
    from 0, < 1.10.1-1
  • HIGH7.5CVE-2016-0742nginx - security update
    from 0, < 0.7.67-3+squeeze4+deb6u1
  • HIGH7.5CVE-2016-0742nginx - security update
    from 0, < 1.2.1-2.2+wheezy4
  • HIGH7.5CVE-2016-0742nginx - security update
    from 0, < 1.9.10-1
  • HIGH7.4CVE-2021-3618nginx - security update
    from 0, < 1.18.0-6.1+deb11u2
  • HIGH7.4CVE-2021-3618nginx - security update
    from 0, < 1.14.2-2+deb10u5
  • HIGH7.1CVE-2022-41742NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
    from 0, < 1.18.0-6.1+deb11u3
  • MEDIUM6.5CVE-2026-42946NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • MEDIUM6.5CVE-2026-40460NGINX ngx_quic_module vulnerability
    from 0, < 1.26.3-3+deb13u5
  • MEDIUM6.5CVE-2024-32760NGINX HTTP/3 QUIC vulnerability
    from 0, < 1.26.0-2
  • MEDIUM6.5CVE-2019-9516Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
    from 0, < 1.14.2-3
  • MEDIUM6.1CVE-2018-16845nginx - security update
    from 0, < 1.6.2-5+deb8u6
  • MEDIUM6.1CVE-2018-16845nginx - security update
    from 0, < 1.14.1-1
  • MEDIUM5.8CVE-2026-42926NGINX ngx_http_proxy_v2_module vulnerability
    from 0, < 1.30.0-4
  • MEDIUM5.5CVE-2026-27784NGINX ngx_http_mp4_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • MEDIUM5.4CVE-2026-28755NGINX ngx_stream_ssl_module vulnerability
    from 0, < 1.28.3-2
  • MEDIUM5.3CVE-2024-35200NGINX HTTP/3 QUIC vulnerability
    from 0, < 1.26.0-2
  • MEDIUM5.3CVE-2024-34161NGINX HTTP/3 QUIC vulnerability
    from 0, < 1.26.0-2
  • MEDIUM5.3CVE-2020-36309nginx - security update
    from 0, < 1.18.0-6.1+deb11u5
  • MEDIUM5.3CVE-2020-36309nginx - security update
    from 0, < 1.18.0-6.1+deb11u5
  • MEDIUM5.3CVE-2019-20372NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker t…
    from 0, < 1.16.1-3
  • MEDIUM5.3CVE-2016-0747The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause…
    from 0, < 1.9.10-1
  • MEDIUM4.8CVE-2026-42934NGINX ngx_http_charset_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • MEDIUM4.8CVE-2026-40701NGINX ngx_http_ssl_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • MEDIUM4.8CVE-2024-31079NGINX HTTP/3 QUIC vulnerability
    from 0, < 1.26.0-2
  • MEDIUM4.8CVE-2011-4968nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
    from 0, < 1.9.1-1
  • MEDIUM4.7CVE-2024-7347NGINX MP4 module vulnerability
    from 0, < 1.18.0-6.1+deb11u4
  • MEDIUM4.7CVE-2024-7347NGINX MP4 module vulnerability
    from 0, < 1.18.0-6.1+deb11u4
  • LOW3.7CVE-2026-28753NGINX ngx_mail_proxy_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • CVE-2026-9256NGINX ngx_http_rewrite_module vulnerability
    from 0
  • CVE-2026-42945NGINX ngx_http_rewrite_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • CVE-2026-1642NGINX vulnerability
    from 0, < 1.22.1-9+deb12u4
  • CVE-2026-1642NGINX vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • CVE-2025-53859NGINX ngx_mail_smtp_module vulnerability
    from 0, < 1.18.0-6.1+deb11u6
  • CVE-2025-23419TLS Session Resumption Vulnerability
    from 0, < 1.18.0-6.1+deb11u4
  • CVE-2014-3556The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4…
    from 0, < 1.6.1-1
  • CVE-2014-3616nginx - security update
    from 0, < 1.2.1-2.2+wheezy3
  • CVE-2014-3616nginx - security update
    from 0, < 1.6.2-1
  • CVE-2014-3616nginx - security update
    from 0, < 0.7.67-3+squeeze4
  • CVE-2014-0133Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execu…
    from 0, < 1.4.7-1
  • CVE-2013-4547nginx - restriction bypass
    from 0, < 1.2.1-2.2+wheezy2
  • CVE-2013-4547nginx - restriction bypass
    from 0, < 1.4.4-1
  • CVE-2013-0337The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log f…
    from 0
  • CVE-2013-2070nginx - nginx security update
    from 0, < 1.4.1-1
  • CVE-2013-2070nginx - nginx security update
    from 0, < 1.2.1-2.2+wheezy1
  • CVE-2012-4929nginx - information leak
    from 0, < 1.2.1-2.2
  • CVE-2012-4929nginx - information leak
    from 0, < 0.7.67-3+squeeze3
  • CVE-2012-3380Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrar…
    from 0, < 1.2.1-2
  • CVE-2012-2089Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the…
    from 0, < 1.1.19-1
  • CVE-2012-1180nginx - sensitive information leak
    from 0, < 0.7.67-3+squeeze2
  • CVE-2012-1180nginx - sensitive information leak
    from 0, < 1.1.17-1
  • CVE-2011-4315Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause…
    from 0, < 1.1.8-1
  • CVE-2009-4487nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's…
    from 0
  • CVE-2009-3898Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17,…
    from 0, < 0.7.63-1
  • CVE-2009-3896nginx - denial of service
    from 0, < 0.7.62-1
  • CVE-2009-3896nginx - denial of service
    from 0, < 0.4.13-2+etch3
  • CVE-2009-2629nginx - arbitrary code execution
    from 0, < 0.4.13-2+etch2
  • CVE-2009-2629nginx - arbitrary code execution
    from 0, < 0.7.61-3