5,442 CVEs

85 in CISA KEV

fedoraproject Vulnerabilities

CVE security advisories and vulnerability history for fedoraproject.

5,442

Total CVEs

Published

85

In CISA KEV

Exploited in the wild

590

Public exploits

With known exploit

6.7

Avg CVSS

2005–2026

Overview

fedoraproject has 5,442 published CVE records since 2005, of which 85 are in CISA's Known Exploited Vulnerabilities catalog and 590 have a known public exploit. The average CVSS base score across scored CVEs is 6.7.

This page aggregates every publicly disclosed vulnerability (CVE) affecting fedoraproject products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of fedoraproject's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical135

High854

Medium891

Low150

3,412 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

85

85 of fedoraproject's CVEs are confirmed exploited in the wild.

Public exploits

590

590 of fedoraproject's CVEs have a known public exploit available.

Most affected products

The fedoraproject products with the most published CVEs.

fedora5,373 CVEs
debian linux2,469 CVEs
Chrome922 CVEs
ubuntu linux768 CVEs
leap698 CVEs
enterprise linux580 CVEs
linux kernel328 CVEs
enterprise linux server309 CVEs

Common weakness types

The CWE weakness categories most often found in fedoraproject CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish fedoraproject CVE records.

Disclosure activity by year

How many fedoraproject CVEs were published each year.

2018

99

2019

703

2020

857

2021

1,142

2022

948

2023

554

2024

366

2026

2

Latest fedoraproject CVEs

The most recently disclosed vulnerabilities affecting fedoraproject.

Libinput: libinput: information disclosure via dangling pointer in lua plugin handling
CWE-825
Low · CVSS 3.3
EPSS 0.0%2026-04-01
Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
CWE-94
High · CVSS 8.8
EPSS 0.0%2026-04-01
Medium vulnerability · 2024-11-14
CWE-416
Medium · CVSS 5.5
EPSS 0.0%2024-11-14
Podman: kernel: containers in shared ipc namespace are vulnerable to denial of service attack
CWE-400
High · CVSS 7.7
EPSS 0.4%2024-08-02
High vulnerability · 2024-06-24
CWE-416
High · CVSS 7.5
EPSS 0.3%2024-06-24
High vulnerability · 2024-06-24
CWE-416
High · CVSS 7.5
EPSS 0.3%2024-06-24
High vulnerability · 2024-06-24
CWE-416
High · CVSS 7.5
EPSS 0.3%2024-06-24
High vulnerability · 2024-06-24
CWE-416
High · CVSS 7.5
EPSS 0.4%2024-06-24
Medium vulnerability · 2024-06-18
CWE-324
Medium · CVSS 5.4
EPSS 0.2%2024-06-18
moodle: CSRF risks due to misuse of confirm_sesskey
CWE-352
High · CVSS 8.8
EPSS 0.3%2024-06-18
Medium vulnerability · 2024-06-18
CWE-79
Medium · CVSS 6.1
EPSS 1.0%2024-06-18
Medium vulnerability · 2024-06-18
CWE-284
Medium · CVSS 5.4
EPSS 0.2%2024-06-18

Track new fedoraproject CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor fedoraproject CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

cisco6,813 CVEs redhat5,883 CVEs Bitnami5,647 CVEs composer5,054 CVEs Oracle Corporation4,928 CVEs pip4,735 CVEs canonical4,309 CVEs npm4,026 CVEs

Browse all vendors

Frequently asked questions

Common questions about fedoraproject vulnerabilities.

How many CVEs does fedoraproject have?

fedoraproject has 5,442 published CVE records since 2005, including 2 in the last two years.

How many fedoraproject CVEs are in CISA KEV?

Yes — 85 of fedoraproject's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which fedoraproject products have the most CVEs?

The fedoraproject products with the most published CVEs are fedora, debian linux, Chrome, ubuntu linux, leap.

What are the most common weakness types in fedoraproject CVEs?

fedoraproject's CVEs most often map to these CWE weakness types: CWE-416 (Use After Free), CWE-125 (Out-of-bounds Read), CWE-787 (Out-of-bounds Write), CWE-20 (Improper Input Validation).

Are there public exploits for fedoraproject vulnerabilities?

Yes — 590 of fedoraproject's CVEs have a known public exploit.

How many critical fedoraproject vulnerabilities are there?

fedoraproject has 135 critical and 854 high-severity CVEs.

What is the average severity of fedoraproject CVEs?

The average CVSS base score across fedoraproject's scored CVEs is 6.7.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track fedoraproject vulnerabilities

Monitor new fedoraproject vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing