19,131 CVEs

84 in CISA KEV

Linux Vulnerabilities

CVE security advisories and vulnerability history for Linux.

19,131

Total CVEs

Published

84

In CISA KEV

Exploited in the wild

843

Public exploits

With known exploit

6.4

Avg CVSS

1999–2026

Overview

Linux has 19,131 published CVE records since 1999, of which 84 are in CISA's Known Exploited Vulnerabilities catalog and 843 have a known public exploit. The average CVSS base score across scored CVEs is 6.4.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Linux products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of Linux's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical216

High2,215

Medium3,546

Low266

12,888 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

84

84 of Linux's CVEs are confirmed exploited in the wild.

Public exploits

843

843 of Linux's CVEs have a known public exploit available.

Most affected products

The Linux products with the most published CVEs.

linux kernel17,408 CVEs
Linux12,244 CVEs
windows2,684 CVEs
Kernel2,283 CVEs
debian linux1,789 CVEs
mac os x985 CVEs
flash player936 CVEs
macos866 CVEs

Common weakness types

The CWE weakness categories most often found in Linux CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish Linux CVE records.

Disclosure activity by year

How many Linux CVEs were published each year.

2019

394

2020

244

2021

430

2022

597

2023

617

2024

4,531

2025

6,069

2026

2,621

Latest Linux CVEs

The most recently disclosed vulnerabilities affecting Linux.

smb: client: reject userspace cifs.spnego descriptions
CWE-20
High · CVSS 7.8
EPSS 0.0%2026-06-01
eventpoll: fix ep_remove struct eventpoll / struct file UAF
Unscored
EPSS 0.0%2026-05-30
High vulnerability · 2026-05-28
High · CVSS 8.8
EPSS 0.0%2026-05-28
High vulnerability · 2026-05-28
High · CVSS 8.8
EPSS 0.1%2026-05-28
Medium vulnerability · 2026-05-28
Medium · CVSS 4.3
EPSS 0.0%2026-05-28
Medium vulnerability · 2026-05-28
Medium · CVSS 6.5
EPSS 0.0%2026-05-28
High vulnerability · 2026-05-28
High · CVSS 8.3
EPSS 0.1%2026-05-28
High vulnerability · 2026-05-28
High · CVSS 7.5
EPSS 0.1%2026-05-28
Medium vulnerability · 2026-05-28
Medium · CVSS 5.4
EPSS 0.0%2026-05-28
High vulnerability · 2026-05-28
High · CVSS 8.8
EPSS 0.1%2026-05-28
High vulnerability · 2026-05-28
High · CVSS 8.3
EPSS 0.1%2026-05-28
High vulnerability · 2026-05-28
High · CVSS 8.3
EPSS 0.1%2026-05-28

Track new Linux CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor Linux CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs cisco6,813 CVEs

Browse all vendors

Frequently asked questions

Common questions about Linux vulnerabilities.

How many CVEs does Linux have?

Linux has 19,131 published CVE records since 1999, including 8,690 in the last two years.

How many Linux CVEs are in CISA KEV?

Yes — 84 of Linux's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which Linux products have the most CVEs?

The Linux products with the most published CVEs are linux kernel, Linux, windows, Kernel, debian linux.

What are the most common weakness types in Linux CVEs?

Linux's CVEs most often map to these CWE weakness types: CWE-416 (Use After Free), CWE-476 (NULL Pointer Dereference), CWE-401 (Missing Release of Memory after Effective Lifetime), CWE-125 (Out-of-bounds Read).

Are there public exploits for Linux vulnerabilities?

Yes — 843 of Linux's CVEs have a known public exploit.

How many critical Linux vulnerabilities are there?

Linux has 216 critical and 2,215 high-severity CVEs.

What is the average severity of Linux CVEs?

The average CVSS base score across Linux's scored CVEs is 6.4.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Linux vulnerabilities

Monitor new Linux vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing