[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2026:20065-1":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-07T15:11:42.125Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":74,"duplicates":75,"related":76,"reserved_at":9,"published_at":107,"modified_at":108,"state":9,"summary":109,"references_raw":111,"kevs":355,"epss":9,"epss_history":356,"metrics":357,"affected":358},"OPENSUSE-SU-2026:20065-1","Security update for webkit2gtk3\n\nThis update for webkit2gtk3 fixes the following issues:\n\nUpdate to version 2.50.4.\n\nSecurity issues fixed:\n\n- CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a\n  UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208).\n- CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of\n  verification of the origins of drag operations (bsc#1254473).\n- CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation\n  (bsc#1255497).\n- CVE-2025-43272: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1250439).\n- CVE-2025-43342: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  correctness issue and missing checks (bsc#1250440).\n- CVE-2025-43343: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1251975).\n- CVE-2025-43356: a website may be able to access sensor information without user consent due to improper cache handling\n  (bsc#1250441).\n- CVE-2025-43368: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  use-after-free issue (bsc#1250442).\n- CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165).\n- CVE-2025-43419: processing maliciously crafted web content may lead to memory corruption due to improper memory\n  handling (bsc#1254166).\n- CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled\n  array allocation sinking (bsc#1254167).\n- CVE-2025-43425: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1254168).\n- CVE-2025-43427: processing maliciously crafted web content may lead to an unexpected process crash due to issues with\n  state management (bsc#1254169).\n- CVE-2025-43429: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer\n  overflow issue (bsc#1254174).\n- CVE-2025-43430: processing maliciously crafted web content may lead to an unexpected process crash due to issues with\n  state management (bsc#1254172).\n- CVE-2025-43431: processing maliciously crafted web content may lead to memory corruption due to improper memory\n  handling (bsc#1254170).\n- CVE-2025-43432: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  use-after-free issue (bsc#1254171).\n- CVE-2025-43434: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  use-after-free issue (bsc#1254179).\n- CVE-2025-43440: processing maliciously crafted web content may lead to an unexpected process crash due to missing\n  checks (bsc#1254177).\n- CVE-2025-43443: processing maliciously crafted web content may lead to an unexpected process crash due to missing\n  checks (bsc#1254176).\n- CVE-2025-43458: processing maliciously crafted web content may lead to an unexpected process crash due to issues with\n  state management (bsc#1254498).\n- CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer\n  overflow issue (bsc#1255194).\n- CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a\n  use-after-free issue (bsc#1255198).\n- CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race\n  condition (bsc#1255183).\n- CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1255195).\n- CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  use-after-free issue (bsc#1255200).\n- CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type\n  confusion (bsc#1255191).\n- CVE-2025-66287: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1254509).\n\nOther issues fixed and changes:\n\n- Version 2.50.4:\n  * Correctly handle the program name passed to the sleep disabler.\n  * Ensure GStreamer is initialized before using the Quirks.\n  * Fix several crashes and rendering issues.\n\n- Version 2.50.3:\n  * Fix seeking and looping of media elements that set the \"loop\" property.\n  * Fix several crashes and rendering issues.\n\n- Version 2.50.2:\n  * Prevent unsafe URI schemes from participating in media playback.\n  * Make jsc_value_array_buffer_get_data() function introspectable.\n  * Fix logging in to Google accounts that have a WebAuthn second factor configured.\n  * Fix loading webkit://gpu when there are no threads configured for GPU rendering.\n  * Fix rendering gradiants that use the CSS hue interpolation method.\n  * Fix pasting image data from the clipboard.\n  * Fix font-family selection when the font name contains spaces.\n  * Fix the build with standard C libraries that lack execinfo.h, like Musl or uClibc.\n  * Fix capturing canvas snapshots in the Web Inspector.\n  * Fix several crashes and rendering issues.\n\n- Version 2.50.1:\n  * Improve text rendering performance.\n  * Fix audio playback broken on instagram.\n  * Fix rendering of layers with fractional transforms.\n  * Fix the build with ENABLE(VIDEO) disabled.\n  * Fix the build in s390x.\n  * Fix several crashes and rendering issues.\n\n- Version 2.50.0:\n  * Improved rendering performance by recording each layer once and replaying every dirty region in different worker\n    threads.\n  * Enable damage propagation to the UI process by default.\n  * CSS property font-variant-emoji is now enabled by default.\n  * Font synthesis properties (bold/italic) are now properly handled.\n  * Ensure web view is focused on tap gesture.\n  * Added new API to get the theme color of a WebKitWebView.\n\n- Version 2.49.90:\n  * Add support for font collection / fragment identifiers.\n  * Fix web process deadlock on exit.\n  * Fix stuttering when playing WebP animations\n  * Fix CSS animations with cubic-bezier timing function.\n  * Do not start the MemoryPressureMonitor if it’s disabled\n  * Fix several crashes and rendering issues.\n  * Updated translations.\n\n- Version 2.48.6:\n  * Fix emojis incorrectly rendered in their text variant.\n  * Add support for font collection / fragment identifiers.\n  * Fix web process deadlock on exit.\n  * Fix stuttering when playing WebP animations.\n  * Fix CSS animations with cubic-bezier timing function.\n  * Do not start the MemoryPressureMonitor if it's disabled.\n  * Fix several crashes and rendering issues.\n\n- Fix a11y regression where AT-SPI roles were mapped incorrectly.\n- Disable skia on ppc64le.\n\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72],{"_key":15},"CVE-2023-43000",{"_key":17},"CVE-2025-13502",{"_key":19},"CVE-2025-13947",{"_key":21},"CVE-2025-14174",{"_key":23},"CVE-2025-43272",{"_key":25},"CVE-2025-43342",{"_key":27},"CVE-2025-43343",{"_key":29},"CVE-2025-43356",{"_key":31},"CVE-2025-43368",{"_key":33},"CVE-2025-43392",{"_key":35},"CVE-2025-43419",{"_key":37},"CVE-2025-43421",{"_key":39},"CVE-2025-43425",{"_key":41},"CVE-2025-43427",{"_key":43},"CVE-2025-43429",{"_key":45},"CVE-2025-43430",{"_key":47},"CVE-2025-43431",{"_key":49},"CVE-2025-43432",{"_key":51},"CVE-2025-43434",{"_key":53},"CVE-2025-43440",{"_key":55},"CVE-2025-43443",{"_key":57},"CVE-2025-43458",{"_key":59},"CVE-2025-43480",{"_key":61},"CVE-2025-43501",{"_key":63},"CVE-2025-43529",{"_key":65},"CVE-2025-43531",{"_key":67},"CVE-2025-43535",{"_key":69},"CVE-2025-43536",{"_key":71},"CVE-2025-43541",{"_key":73},"CVE-2025-66287",[],[],[77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},"2026-01-20T12:08:51Z","2026-03-23T04:54:43.038943Z",{"cisa_kev":110,"cisa_ransomware":110,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[112,118,122,126,130,134,138,142,146,150,154,158,162,166,170,174,178,182,186,190,194,198,202,206,210,214,218,222,226,230,234,239,243,247,251,255,259,263,267,271,275,279,283,287,291,295,299,303,307,311,315,319,323,327,331,335,339,343,347,351],{"url":113,"sources":114,"tags":116},"https://bugzilla.suse.com/1250439",[115],"osv_opensuse",[117],"REPORT",{"url":119,"sources":120,"tags":121},"https://bugzilla.suse.com/1250440",[115],[117],{"url":123,"sources":124,"tags":125},"https://bugzilla.suse.com/1250441",[115],[117],{"url":127,"sources":128,"tags":129},"https://bugzilla.suse.com/1250442",[115],[117],{"url":131,"sources":132,"tags":133},"https://bugzilla.suse.com/1251975",[115],[117],{"url":135,"sources":136,"tags":137},"https://bugzilla.suse.com/1254164",[115],[117],{"url":139,"sources":140,"tags":141},"https://bugzilla.suse.com/1254165",[115],[117],{"url":143,"sources":144,"tags":145},"https://bugzilla.suse.com/1254166",[115],[117],{"url":147,"sources":148,"tags":149},"https://bugzilla.suse.com/1254167",[115],[117],{"url":151,"sources":152,"tags":153},"https://bugzilla.suse.com/1254168",[115],[117],{"url":155,"sources":156,"tags":157},"https://bugzilla.suse.com/1254169",[115],[117],{"url":159,"sources":160,"tags":161},"https://bugzilla.suse.com/1254170",[115],[117],{"url":163,"sources":164,"tags":165},"https://bugzilla.suse.com/1254171",[115],[117],{"url":167,"sources":168,"tags":169},"https://bugzilla.suse.com/1254172",[115],[117],{"url":171,"sources":172,"tags":173},"https://bugzilla.suse.com/1254174",[115],[117],{"url":175,"sources":176,"tags":177},"https://bugzilla.suse.com/1254175",[115],[117],{"url":179,"sources":180,"tags":181},"https://bugzilla.suse.com/1254176",[115],[117],{"url":183,"sources":184,"tags":185},"https://bugzilla.suse.com/1254177",[115],[117],{"url":187,"sources":188,"tags":189},"https://bugzilla.suse.com/1254179",[115],[117],{"url":191,"sources":192,"tags":193},"https://bugzilla.suse.com/1254208",[115],[117],{"url":195,"sources":196,"tags":197},"https://bugzilla.suse.com/1254473",[115],[117],{"url":199,"sources":200,"tags":201},"https://bugzilla.suse.com/1254498",[115],[117],{"url":203,"sources":204,"tags":205},"https://bugzilla.suse.com/1254509",[115],[117],{"url":207,"sources":208,"tags":209},"https://bugzilla.suse.com/1255183",[115],[117],{"url":211,"sources":212,"tags":213},"https://bugzilla.suse.com/1255191",[115],[117],{"url":215,"sources":216,"tags":217},"https://bugzilla.suse.com/1255194",[115],[117],{"url":219,"sources":220,"tags":221},"https://bugzilla.suse.com/1255195",[115],[117],{"url":223,"sources":224,"tags":225},"https://bugzilla.suse.com/1255198",[115],[117],{"url":227,"sources":228,"tags":229},"https://bugzilla.suse.com/1255200",[115],[117],{"url":231,"sources":232,"tags":233},"https://bugzilla.suse.com/1255497",[115],[117],{"url":235,"sources":236,"tags":237},"https://www.suse.com/security/cve/CVE-2023-43000",[115],[238],"WEB",{"url":240,"sources":241,"tags":242},"https://www.suse.com/security/cve/CVE-2025-13502",[115],[238],{"url":244,"sources":245,"tags":246},"https://www.suse.com/security/cve/CVE-2025-13947",[115],[238],{"url":248,"sources":249,"tags":250},"https://www.suse.com/security/cve/CVE-2025-14174",[115],[238],{"url":252,"sources":253,"tags":254},"https://www.suse.com/security/cve/CVE-2025-43272",[115],[238],{"url":256,"sources":257,"tags":258},"https://www.suse.com/security/cve/CVE-2025-43342",[115],[238],{"url":260,"sources":261,"tags":262},"https://www.suse.com/security/cve/CVE-2025-43343",[115],[238],{"url":264,"sources":265,"tags":266},"https://www.suse.com/security/cve/CVE-2025-43356",[115],[238],{"url":268,"sources":269,"tags":270},"https://www.suse.com/security/cve/CVE-2025-43368",[115],[238],{"url":272,"sources":273,"tags":274},"https://www.suse.com/security/cve/CVE-2025-43392",[115],[238],{"url":276,"sources":277,"tags":278},"https://www.suse.com/security/cve/CVE-2025-43419",[115],[238],{"url":280,"sources":281,"tags":282},"https://www.suse.com/security/cve/CVE-2025-43421",[115],[238],{"url":284,"sources":285,"tags":286},"https://www.suse.com/security/cve/CVE-2025-43425",[115],[238],{"url":288,"sources":289,"tags":290},"https://www.suse.com/security/cve/CVE-2025-43427",[115],[238],{"url":292,"sources":293,"tags":294},"https://www.suse.com/security/cve/CVE-2025-43429",[115],[238],{"url":296,"sources":297,"tags":298},"https://www.suse.com/security/cve/CVE-2025-43430",[115],[238],{"url":300,"sources":301,"tags":302},"https://www.suse.com/security/cve/CVE-2025-43431",[115],[238],{"url":304,"sources":305,"tags":306},"https://www.suse.com/security/cve/CVE-2025-43432",[115],[238],{"url":308,"sources":309,"tags":310},"https://www.suse.com/security/cve/CVE-2025-43434",[115],[238],{"url":312,"sources":313,"tags":314},"https://www.suse.com/security/cve/CVE-2025-43440",[115],[238],{"url":316,"sources":317,"tags":318},"https://www.suse.com/security/cve/CVE-2025-43443",[115],[238],{"url":320,"sources":321,"tags":322},"https://www.suse.com/security/cve/CVE-2025-43458",[115],[238],{"url":324,"sources":325,"tags":326},"https://www.suse.com/security/cve/CVE-2025-43480",[115],[238],{"url":328,"sources":329,"tags":330},"https://www.suse.com/security/cve/CVE-2025-43501",[115],[238],{"url":332,"sources":333,"tags":334},"https://www.suse.com/security/cve/CVE-2025-43529",[115],[238],{"url":336,"sources":337,"tags":338},"https://www.suse.com/security/cve/CVE-2025-43531",[115],[238],{"url":340,"sources":341,"tags":342},"https://www.suse.com/security/cve/CVE-2025-43535",[115],[238],{"url":344,"sources":345,"tags":346},"https://www.suse.com/security/cve/CVE-2025-43536",[115],[238],{"url":348,"sources":349,"tags":350},"https://www.suse.com/security/cve/CVE-2025-43541",[115],[238],{"url":352,"sources":353,"tags":354},"https://www.suse.com/security/cve/CVE-2025-66287",[115],[238],[],[],[],[359,372,377],{"ecosystem":360,"name":361,"vendor":362,"product":363,"cpe_part":9,"purl_type":364,"purl_namespace":362,"purl_name":363,"source":9,"versions":365},"openSUSE","webkit2gtk3-soup2","opensuse","webkit2gtk3-soup2&distro=openSUSE Leap 16.0","rpm",[366],{"version":367,"is_range":368,"range_type":369,"version_start":9,"version_start_type":9,"version_end":370,"version_end_type":371,"fixed_in":9},"lt2_50_4_160000_1_1",true,"ecosystem","2.50.4-160000.1.1","excluding",{"ecosystem":360,"name":373,"vendor":362,"product":374,"cpe_part":9,"purl_type":364,"purl_namespace":362,"purl_name":374,"source":9,"versions":375},"webkit2gtk3","webkit2gtk3&distro=openSUSE Leap 16.0",[376],{"version":367,"is_range":368,"range_type":369,"version_start":9,"version_start_type":9,"version_end":370,"version_end_type":371,"fixed_in":9},{"ecosystem":360,"name":378,"vendor":362,"product":379,"cpe_part":9,"purl_type":364,"purl_namespace":362,"purl_name":379,"source":9,"versions":380},"webkit2gtk4","webkit2gtk4&distro=openSUSE Leap 16.0",[381],{"version":367,"is_range":368,"range_type":369,"version_start":9,"version_start_type":9,"version_end":370,"version_end_type":371,"fixed_in":9}]