VYPR

rpm package

opensuse/epiphany&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/epiphany&distro=openSUSE%20Tumbleweed

Vulnerabilities (6)

  • CVE-2025-3839HigJan 23, 2026
    affected < 48.1-1.1fixed 48.1-1.1

    A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly w

  • CVE-2023-26081Feb 20, 2023
    affected < 43.1-1.1fixed 43.1-1.1

    In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

  • CVE-2022-29536Apr 20, 2022
    affected < 42.2-1.1fixed 42.2-1.1

    In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

  • CVE-2021-45088Dec 16, 2021
    affected < 41.2-1.1fixed 41.2-1.1

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.

  • CVE-2021-45085Dec 16, 2021
    affected < 41.2-1.1fixed 41.2-1.1

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.

  • CVE-2018-11396HigMay 23, 2018
    affected < 40.3-2.1fixed 40.3-2.1

    ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.