StackPatch is live — CVE patch ops for indie SaaS, $99 lifetime founder seat (50 only).See product

Back to CVE digest

Package · jq

`jq` CVE matrix across Linux distros

75 CVEs tracked across 16 distro releases. Showing the 75 most-recent fix records.

Ecosystems with tracked fixes

Alpine edgeAlpine v3.18Alpine v3.19Alpine v3.20Alpine v3.21Debian bookwormDebian bullseyeDebian trixieUbuntu bionicUbuntu focalUbuntu jammyUbuntu nobleUbuntu questingUbuntu resoluteUbuntu trustyUbuntu xenial

Recent fix records

Each row links to the full per-CVE cross-distro view. Sorted most-recent first.

Debian bullseye

Source: Debian

CVE-2015-8863→ fixed in1.5+dfsg-1.1
CVE-2016-4074→ fixed in1.5+dfsg-1.1
CVE-2025-48060→ fixed in1.6-2.1+deb11u1

Single command to patch all of these:

sudo apt-get install --only-upgrade -y jq

Debian bookworm

Source: Debian

CVE-2015-8863→ fixed in1.5+dfsg-1.1
CVE-2016-4074→ fixed in1.5+dfsg-1.1
CVE-2025-48060→ fixed in1.6-2.1+deb12u1

Single command to patch all of these:

sudo apt-get install --only-upgrade -y jq

Debian trixie

Source: Debian

CVE-2015-8863→ fixed in1.5+dfsg-1.1
CVE-2016-4074→ fixed in1.5+dfsg-1.1
CVE-2023-49355→ fixed in1.7.1-1
CVE-2023-50246→ fixed in1.7.1-1
CVE-2023-50268→ fixed in1.7.1-1
CVE-2024-23337→ fixed in1.7.1-6
CVE-2024-53427→ fixed in1.7.1-5
CVE-2025-48060→ fixed in1.7.1-6+deb13u1

Single command to patch all of these:

sudo apt-get install --only-upgrade -y jq

Alpine v3.20

Source: Alpine secdb

CVE-2016-4074→ fixed in1.6_rc1-r0

Single command to patch all of these:

apk add --upgrade jq

Alpine v3.21

Source: Alpine secdb

CVE-2016-4074→ fixed in1.6_rc1-r0

Single command to patch all of these:

apk add --upgrade jq

Alpine edge

Source: Alpine secdb

CVE-2016-4074→ fixed in1.6_rc1-r0
CVE-2023-50246→ fixed in1.7.1-r0
CVE-2023-50268→ fixed in1.7.1-r0
CVE-2024-23337→ fixed in1.8.0-r0
CVE-2024-53427→ fixed in1.8.0-r0
CVE-2025-48060→ fixed in1.8.0-r0
CVE-2025-49014→ fixed in1.8.1-r0

Single command to patch all of these:

apk add --upgrade jq

Alpine v3.18

Source: Alpine secdb

CVE-2016-4074→ fixed in1.6_rc1-r0

Single command to patch all of these:

apk add --upgrade jq

Alpine v3.19

Source: Alpine secdb

CVE-2016-4074→ fixed in1.6_rc1-r0
CVE-2023-50246→ fixed in1.7.1-r0
CVE-2023-50268→ fixed in1.7.1-r0

Single command to patch all of these:

apk add --upgrade jq

Ubuntu resolute

Source: Ubuntu USN

CVE-2026-32316→ fixed in1.8.1-4ubuntu2USN-8202-2
CVE-2026-33947→ fixed in1.8.1-4ubuntu2USN-8202-2
CVE-2026-33948→ fixed in1.8.1-4ubuntu2USN-8202-2
CVE-2026-39956→ fixed in1.8.1-4ubuntu2USN-8202-2
CVE-2026-39979→ fixed in1.8.1-4ubuntu2USN-8202-2
CVE-2026-40164→ fixed in1.8.1-4ubuntu2USN-8202-2

Single command to patch all of these:

sudo apt-get install --only-upgrade -y jq

Ubuntu bionic

Source: Ubuntu USN

CVE-2026-32316→ fixed in1.5+dfsg-2ubuntu0.1~esm2USN-8202-1
CVE-2026-33947→ fixed in1.5+dfsg-2ubuntu0.1~esm2USN-8202-1
CVE-2026-33948→ fixed in1.5+dfsg-2ubuntu0.1~esm2USN-8202-1
CVE-2026-39956→ fixed in1.5+dfsg-2ubuntu0.1~esm2USN-8202-1
CVE-2026-39979→ fixed in1.5+dfsg-2ubuntu0.1~esm2USN-8202-1
CVE-2026-40164→ fixed in1.5+dfsg-2ubuntu0.1~esm2USN-8202-1

Single command to patch all of these:

sudo apt-get install --only-upgrade -y jq

Ubuntu focal

Source: Ubuntu USN

CVE-2026-32316→ fixed in1.6-1ubuntu0.20.04.1+esm2USN-8202-1
CVE-2026-33947→ fixed in1.6-1ubuntu0.20.04.1+esm2USN-8202-1
CVE-2026-33948→ fixed in1.6-1ubuntu0.20.04.1+esm2USN-8202-1
CVE-2026-39956→ fixed in1.6-1ubuntu0.20.04.1+esm2USN-8202-1
CVE-2026-39979→ fixed in1.6-1ubuntu0.20.04.1+esm2USN-8202-1
CVE-2026-40164→ fixed in1.6-1ubuntu0.20.04.1+esm2USN-8202-1

Single command to patch all of these:

sudo apt-get install --only-upgrade -y jq

Ubuntu jammy

Source: Ubuntu USN

CVE-2026-32316→ fixed in1.6-2.1ubuntu3.2USN-8202-1
CVE-2026-33947→ fixed in1.6-2.1ubuntu3.2USN-8202-1
CVE-2026-33948→ fixed in1.6-2.1ubuntu3.2USN-8202-1
CVE-2026-39956→ fixed in1.6-2.1ubuntu3.2USN-8202-1
CVE-2026-39979→ fixed in1.6-2.1ubuntu3.2USN-8202-1
CVE-2026-40164→ fixed in1.6-2.1ubuntu3.2USN-8202-1

Single command to patch all of these:

sudo apt-get install --only-upgrade -y jq

+4 more ecosystems with this package

Is YOUR jq patched?

5-second check on your actual server. The quickscan reads your installed jq version and matches against the same 75-CVE catalog above.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Continuous monitoring ($99 lifetime)