linux Vulnerabilities
CVE security advisories and vulnerability history for linux.
Overview
linux has 20,234 published CVE records since 1999, of which 83 are in CISA's Known Exploited Vulnerabilities catalog and 853 have a known public exploit. The average CVSS base score across scored CVEs is 6.4.
This page aggregates every publicly disclosed vulnerability (CVE) affecting linux products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.
Security scorecard
A quick read on linux's vulnerability posture, as a share of its 20,234 published CVEs.
- Average CVSS
- 6.4
- Critical / high
- 39%
- Actively exploited (KEV)
- 0%
- Public exploit available
- 4%
- Patch available
- 92%
across 18,876 scored CVEs
7,380 of 18,876 scored
83 of 20,234 CVEs
853 of 20,234 CVEs
18,716 of 20,234 CVEs
Severity and exploitation
How the CVSS severity of linux's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
1,358 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog
83
83 of linux's CVEs are confirmed exploited in the wild.
Public exploits
853
853 of linux's CVEs have a known public exploit available.
Most affected products
The linux products with the most published CVEs. Follow any product to browse its versions and vulnerabilities.
Common weakness types
The CWE weakness categories most often found in linux CVEs. Follow any weakness for its full explanation.
- CWE-416Use After Free613 CVEs
- CWE-476NULL Pointer Dereference571 CVEs
- CWE-401Missing Release of Memory after Effective Lifetime264 CVEs
- CWE-125Out-of-bounds Read179 CVEs
- CWE-787Out-of-bounds Write156 CVEs
- CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')148 CVEs
- CWE-20Improper Input Validation131 CVEs
- CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')123 CVEs
CNAs that assign these CVEs
The CVE Numbering Authorities that publish linux CVE records.
Disclosure activity by year
How many linux CVEs were published each year.
Latest linux CVEs
The most recently disclosed vulnerabilities affecting linux.
- High · CVSS 7.8EPSS 0.2%2026-07-16
- High · CVSS 7.5EPSS 0.4%2026-07-14
- High · CVSS 8.2EPSS 0.2%2026-07-14
- Medium · CVSS 6.2EPSS 0.2%2026-07-14
- Medium · CVSS 6.2EPSS 0.2%2026-07-14
- High · CVSS 7.4EPSS 0.1%2026-07-14
- Medium · CVSS 6.8EPSS 0.2%2026-07-14
- High · CVSS 7.5EPSS 0.4%2026-07-14
- Medium · CVSS 6.2EPSS 0.2%2026-07-14
- Medium · CVSS 6.2EPSS 0.2%2026-07-14
- Medium · CVSS 6.2EPSS 0.2%2026-07-14
- High · CVSS 7.5EPSS 0.4%2026-07-14
Track new linux CVEs as they are disclosed and get AI-written analysis and remediation guidance.
Monitor linux CVEsOther vendors
Browse vulnerabilities for other tracked vendors.
Frequently asked questions
Common questions about linux vulnerabilities.
- How many CVEs does linux have?
- linux has 20,234 published CVE records since 1999, including 9,787 in the last two years.
- How many linux CVEs are in CISA KEV?
- Yes — 83 of linux's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which linux products have the most CVEs?
- The linux products with the most published CVEs are linux_kernel, linux, kernel, amdgpu driver, btrfs.
- What are the most common weakness types in linux CVEs?
- linux's CVEs most often map to these CWE weakness types: CWE-416 (Use After Free), CWE-476 (NULL Pointer Dereference), CWE-401 (Missing Release of Memory after Effective Lifetime), CWE-125 (Out-of-bounds Read).
- Are there public exploits for linux vulnerabilities?
- Yes — 853 of linux's CVEs have a known public exploit.
- How many critical linux vulnerabilities are there?
- linux has 1,088 critical and 6,292 high-severity CVEs.
- What is the average severity of linux CVEs?
- The average CVSS base score across linux's scored CVEs is 6.4.
References
- The MITRE CVE Program (opens in a new tab)
- Learn: What is a CVE?
- CWE directory: the weakness types these CVEs map to
- CNA directory: the CNAs that assign these CVEs
Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.
Track linux vulnerabilities
Monitor new linux vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.