Information on source package nginx

Available versions

| Release | Version |
|---|---|
| jessie | 1.6.2-5+deb8u10 |
| stretch | 1.10.3-1+deb9u8 |
| stretch (security) | 1.10.3-1+deb9u7 |
| buster | 1.14.2-2+deb10u5 |
| bullseye | 1.18.0-6.1+deb11u3 |
| bookworm | 1.22.1-9 |
| trixie | 1.26.0-3 |
| sid | 1.26.0-3 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7347 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ... |
| CVE-2020-36309 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ... |
| CVE-2013-0337 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | vulnerable | The default configuration of nginx, possibly 1.3.13 and earlier, uses ... |
| CVE-2011-4968 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | nginx http proxy module does not verify peer identity of https origin ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-35200 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... |
| CVE-2024-34161 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... |
| CVE-2024-32760 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... |
| CVE-2024-31079 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... |
| CVE-2024-24990 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... |
| CVE-2024-24989 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... |
| CVE-2023-44487 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | The HTTP/2 protocol allows a denial of service (server resource consum ... |
| CVE-2009-4487 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | nginx 0.7.64 writes data to a log file without sanitizing non-printabl ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2024-39792 | When the NGINX Plus is configured to use the MQTT pre-read module, und ... |
| CVE-2022-41742 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ... |
| CVE-2022-41741 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ... |
| CVE-2021-23017 | A security issue in nginx resolver was identified, which might allow a ... |
| CVE-2021-3618 | ALPACA is an application layer protocol content confusion attack, expl ... |
| CVE-2020-11724 | An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ... |
| CVE-2019-20372 | NGINX before 1.17.7, with certain error_page configurations, allows HT ... |
| CVE-2019-9516 | Some HTTP/2 implementations are vulnerable to a header leak, potential ... |
| CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentia ... |
| CVE-2019-9511 | Some HTTP/2 implementations are vulnerable to window size manipulation ... |
| CVE-2018-16845 | nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_ht ... |
| CVE-2018-16844 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ... |
| CVE-2018-16843 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ... |
| CVE-2017-20005 | NGINX before 1.13.6 has a buffer overflow for years that exceed four d ... |
| CVE-2017-7529 | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable t ... |
| CVE-2016-4450 | os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 al ... |
| CVE-2016-1247 | The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx pa ... |
| CVE-2016-0747 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not pr ... |
| CVE-2016-0746 | Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1 ... |
| CVE-2016-0742 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remo ... |
| CVE-2014-3616 | nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cach ... |
| CVE-2014-3556 | The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMT ... |
| CVE-2014-0133 | Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 ... |
| CVE-2014-0088 | The SPDY implementation in the ngx_http_spdy_module module in nginx 1. ... |
| CVE-2013-4547 | nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attack ... |
| CVE-2013-2070 | http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ... |
| CVE-2013-2028 | The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx ... |
| CVE-2012-4929 | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ... |
| CVE-2012-3380 | Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Nax ... |
| CVE-2012-2089 | Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module mo ... |
| CVE-2012-1180 | Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1 ... |
| CVE-2011-4963 | nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ... |
| CVE-2011-4315 | Heap-based buffer overflow in compression-pointer processing in core/n ... |
| CVE-2010-2266 | nginx 0.8.36 allows remote attackers to cause a denial of service (cra ... |
| CVE-2010-2263 | nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows ... |
| CVE-2009-3898 | Directory traversal vulnerability in src/http/modules/ngx_http_dav_mod ... |
| CVE-2009-3896 | src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14 ... |
| CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ... |
| CVE-2009-2629 | Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0 ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-3203-1 | nginx - security update |
| ELA-739-1 | nginx - security update |
| DSA-5281-1 | nginx - security update |
| DLA-2680-1 | nginx - security update |
| ELA-441-1 | nginx - security update |
| DLA-2670-1 | nginx - security update |
| ELA-437-1 | nginx - security update |
| DSA-4921-1 | nginx - security update |
| DSA-4750-1 | nginx - security update |
| DLA-2283-1 | nginx - security update |
| ELA-247-1 | nginx - security update |
| DSA-4505-1 | nginx - security update |
| DSA-4335-1 | nginx - security update |
| DLA-1572-1 | nginx - security update |
| DLA-1024-1 | nginx - security update |
| DSA-3908-1 | nginx - security update |
| DSA-3701-2 | nginx - regression update |
| DSA-3701-1 | nginx - security update |
| DSA-3592-1 | nginx - security update |
| DSA-3473-1 | nginx - security update |
| DLA-404-1 | nginx - security update |
| DSA-3029-1 | nginx - security update |
| DLA-55-1 | nginx - security update |
| DSA-2802-1 | nginx - restriction bypass |
| DSA-2721-1 | nginx - nginx security update |
| DSA-2627-1 | nginx - information leak |
| DSA-2434-1 | nginx - sensitive information leak |
| DSA-1920-1 | nginx - denial of service |
| DSA-1884-1 | nginx - arbitrary code execution |
