CVE coverage

Debian 12 Bookworm CVE list & vulnerability tracker

Noxen pulls Debian 12 CVE data from OSV.dev's Debian ecosystem feed, which mirrors the Debian Security Tracker. Records are deduped against NVD/VulnCheck and shipped in a signed snapshot, daily.

Live

Headline numbers

Total CVE records (all distros)Loading…
Last buildLoading…
OSV records (Debian + others)Loading…
NVD records (cross-platform)Loading…

How matching works

What Noxen does for a Debian 12 host

Reads /etc/os-release to confirm Debian 12 (codename bookworm).
Reads dpkg package list — every binary plus its source package.
Filters the local feed cache to OSV records tagged with ecosystem Debian:12.
Compares installed vs OSV-published fix versions using Debian version semantics (epoch:upstream-debian_revision).
Emits findings only where installed version is strictly older than fix. Tracked-but-unfixed CVEs don't trigger noise.

Live listings

Top recent critical CVEs (Debian)

Most-recently-published critical CVEs in the Debian ecosystem. Auto-deduped to one row per CVE ID.

Loading…

Top recent high-severity CVEs (Debian)

Loading…

New to severity terminology? CVE, CVSS, CWE, and CPE are explained in the blog.

Notable

Recent CVEs that Debian 12 homelabs care about

CVE-2024-6387 (regreSSHion) — OpenSSH pre-auth RCE. Fixed in Debian 12 via security backport.
CVE-2024-3094 (xz backdoor) — Debian 12 stable was on a clean xz version. Bookworm-backports and unstable users had to roll back.
CVE-2023-44487 (HTTP/2 Rapid Reset) — relevant to anyone running nginx, Apache, or any HTTP/2-capable proxy on Debian 12.

Scan a Debian fleet with Noxen

Add your Debian 12 hosts via your existing ~/.ssh/config; Noxen handles the rest. $79 one-time at launch.