151 CVEs

1 in CISA KEV

freedesktop Vulnerabilities

CVE security advisories and vulnerability history for freedesktop.

151

Total CVEs

Published

1

In CISA KEV

Exploited in the wild

19

Public exploits

With known exploit

5.6

Avg CVSS

2007–2026

Overview

freedesktop has 151 published CVE records since 2007, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 19 have a known public exploit. The average CVSS base score across scored CVEs is 5.6.

This page aggregates every publicly disclosed vulnerability (CVE) affecting freedesktop products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of freedesktop's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High8

Medium19

Low5

119 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

1

One of freedesktop's CVEs is confirmed exploited in the wild.

Public exploits

19

19 of freedesktop's CVEs have a known public exploit available.

Most affected products

The freedesktop products with the most published CVEs.

poppler89 CVEs
debian linux47 CVEs
ubuntu linux30 CVEs
dbus24 CVEs
fedora19 CVEs
enterprise linux17 CVEs
enterprise linux server12 CVEs
enterprise linux workstation12 CVEs

Common weakness types

The CWE weakness categories most often found in freedesktop CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish freedesktop CVE records.

Disclosure activity by year

How many freedesktop CVEs were published each year.

2019

19

2020

7

2021

5

2022

9

2023

10

2024

2

2025

7

2026

8

Latest freedesktop CVEs

The most recently disclosed vulnerabilities affecting freedesktop.

Medium vulnerability · 2026-05-14
CWE-369
Medium · CVSS 4.0
EPSS 0.0%2026-05-14
Medium vulnerability · 2026-05-14
CWE-369
Medium · CVSS 4.0
EPSS 0.0%2026-05-14
Libinput: libinput: information disclosure via dangling pointer in lua plugin handling
CWE-825
Low · CVSS 3.3
EPSS 0.0%2026-04-01
Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
CWE-94
High · CVSS 8.8
EPSS 0.0%2026-04-01
Polkit: polkit: denial of service via unbounded input processing through standard input
CWE-770
Medium · CVSS 5.5
EPSS 0.0%2026-03-26
Gstreamer: incomplete fix of cve-2026-1940
CWE-125
Medium · CVSS 5.1
EPSS 0.1%2026-03-23
Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api
CWE-862
Medium · CVSS 5.5
EPSS 0.0%2026-02-25
Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api
CWE-862
High · CVSS 7.1
EPSS 0.0%2026-02-25
Low vulnerability · 2025-10-01
CWE-674
Low · CVSS 2.9
EPSS 0.0%2025-10-01
Medium vulnerability · 2025-08-04
CWE-674
Medium · CVSS 6.5
EPSS 0.2%2025-08-04
Poppler Use After Free Vulnerability
CWE-416
Medium · CVSS 5.5
EPSS 0.3%2025-07-02
Low vulnerability · 2025-06-23
CWE-420
Low · CVSS 2.7
EPSS 0.1%2025-06-23

Track new freedesktop CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor freedesktop CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

Adobe Systems Incorporated156 CVEs axiosys156 CVEs Devolutions156 CVEs Parallels156 CVEs CODESYS154 CVEs otrs153 CVEs tendacn153 CVEs chamilo151 CVEs

Browse all vendors

Frequently asked questions

Common questions about freedesktop vulnerabilities.

How many CVEs does freedesktop have?

freedesktop has 151 published CVE records since 2007, including 15 in the last two years.

How many freedesktop CVEs are in CISA KEV?

Yes — 1 of freedesktop's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which freedesktop products have the most CVEs?

The freedesktop products with the most published CVEs are poppler, debian linux, ubuntu linux, dbus, fedora.

What are the most common weakness types in freedesktop CVEs?

freedesktop's CVEs most often map to these CWE weakness types: CWE-674 (Uncontrolled Recursion), CWE-20 (Improper Input Validation), CWE-125 (Out-of-bounds Read), CWE-190 (Integer Overflow or Wraparound).

Are there public exploits for freedesktop vulnerabilities?

Yes — 19 of freedesktop's CVEs have a known public exploit.

What is the average severity of freedesktop CVEs?

The average CVSS base score across freedesktop's scored CVEs is 5.6.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track freedesktop vulnerabilities

Monitor new freedesktop vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing