[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 23 21:04:39 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1075956d by Salvatore Bonaccorso at 2026-06-23T22:04:22+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -144,45 +144,45 @@ CVE-2026-54301 (n8n is an open source workflow automation platform. Prior to 1.1
 CVE-2026-54257 (Electron is a framework for writing cross-platform desktop application ...)
 	- electron <itp> (bug #842420)
 CVE-2026-54157 (LobeHub is a work-and-lifestyle space to find, build, and collaborate  ...)
-	TODO: check
+	NOT-FOR-US: LobeHub
 CVE-2026-54022 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54021 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54019 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54018 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54016 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54015 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54014 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54013 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54012 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54011 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54010 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54009 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54008 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54007 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-54006 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-53755 (Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Crawl4AI
 CVE-2026-53754 (Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Crawl4AI
 CVE-2026-53753 (Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Crawl4AI
 CVE-2026-53662 (immich is a high performance self-hosted photo and video management so ...)
-	TODO: check
+	NOT-FOR-US: immich
 CVE-2026-52846 (Caddy is an extensible server platform that uses TLS by default. Prior ...)
 	TODO: check
 CVE-2026-52845 (Caddy is an extensible server platform that uses TLS by default. Prior ...)
@@ -190,7 +190,7 @@ CVE-2026-52845 (Caddy is an extensible server platform that uses TLS by default.
 CVE-2026-52844 (Caddy is an extensible server platform that uses TLS by default. Prior ...)
 	TODO: check
 CVE-2026-52673 (SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remo ...)
-	TODO: check
+	NOT-FOR-US: Cboard
 CVE-2026-50574 (yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09,  ...)
 	TODO: check
 CVE-2026-50023 (yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09,  ...)
@@ -198,53 +198,53 @@ CVE-2026-50023 (yt-dlp is a command-line audio/video downloader. Prior to 2026.0
 CVE-2026-50019 (yt-dlp is a command-line audio/video downloader. From 2023.09.24 until ...)
 	TODO: check
 CVE-2026-4983 (Open VSX Registry does not sanitize SVG files uploaded as extension ic ...)
-	TODO: check
+	NOT-FOR-US: Open VSX Registry
 CVE-2026-4610 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-49983 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-49860 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-49859 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-49465 (n8n is an open source workflow automation platform. Prior to 1.123.48, ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-49444 (n8n is an open source workflow automation platform. Prior to 1.123.48, ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-49440 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-49411 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-49406 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-49402 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-49401 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-48520 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
-	TODO: check
+	NOT-FOR-US: Langflow
 CVE-2026-48519 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
-	TODO: check
+	NOT-FOR-US: Langflow
 CVE-2026-45732 (n8n is an open source workflow automation platform. Prior to 1.123.43, ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-45692 (Caddy is an extensible server platform that uses TLS by default. From  ...)
 	TODO: check
 CVE-2026-45135 (Caddy is an extensible server platform that uses TLS by default. From  ...)
 	TODO: check
 CVE-2026-44792 (n8n is an open source workflow automation platform. Prior to 1.123.43, ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-44791 (n8n is an open source workflow automation platform. Prior to 1.123.43, ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-44790 (n8n is an open source workflow automation platform. Prior to 1.123.43, ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-44789 (n8n is an open source workflow automation platform. Prior to 1.123.43, ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-44726 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0  ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-44089 (TotolinkEX1200L router is vulnerable to Buffer Overflow in the login f ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2026-42867 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
-	TODO: check
+	NOT-FOR-US: Langflow
 CVE-2026-35019 (NetComm NF20MESH routers running firmware R6B031 and earlier contain a ...)
 	TODO: check
 CVE-2026-35018 (NetComm NF20MESH routers running firmware R6B031 and earlier contain a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1075956d994f845f05d759705310479291c57a86

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1075956d994f845f05d759705310479291c57a86
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260623/b84455d6/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list