3,298 CVEs

58 in CISA KEV

opensuse Vulnerabilities

CVE security advisories and vulnerability history for opensuse.

3,298

Total CVEs

Published

58

In CISA KEV

Exploited in the wild

301

Public exploits

With known exploit

6.6

Avg CVSS

2007–2026

Overview

opensuse has 3,298 published CVE records since 2007, of which 58 are in CISA's Known Exploited Vulnerabilities catalog and 301 have a known public exploit. The average CVSS base score across scored CVEs is 6.6.

This page aggregates every publicly disclosed vulnerability (CVE) affecting opensuse products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of opensuse's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical50

High226

Medium203

Low71

2,748 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

58

58 of opensuse's CVEs are confirmed exploited in the wild.

Public exploits

301

301 of opensuse's CVEs have a known public exploit available.

Most affected products

The opensuse products with the most published CVEs.

leap1,931 CVEs
debian linux1,540 CVEs
opensuse1,465 CVEs
ubuntu linux1,179 CVEs
fedora957 CVEs
chrome519 CVEs
enterprise linux server478 CVEs
enterprise linux desktop462 CVEs

Common weakness types

The CWE weakness categories most often found in opensuse CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish opensuse CVE records.

Disclosure activity by year

How many opensuse CVEs were published each year.

2019

701

2020

788

2021

21

2022

20

2023

11

2024

2

2025

4

2026

4

Latest opensuse CVEs

The most recently disclosed vulnerabilities affecting opensuse.

Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
CWE-787
High · CVSS 7.8
EPSS 0.0%2026-05-26
crypto: algif_aead - Revert to operating out-of-place
CISA KEV
CWE-669
High · CVSS 7.8
EPSS 2.2%2026-04-22
High vulnerability · 2026-02-25
CWE-377
High · CVSS 7.0
EPSS 0.0%2026-02-25
MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
CWE-787
High · CVSS 7.7
EPSS 0.0%2026-02-10
Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock
CWE-754
Medium · CVSS 6.9
EPSS 0.0%2025-11-20
SUSE-specific logrotate configuration allows escalation from mail user/group to root
CWE-61
Medium · CVSS 6.9
EPSS 0.0%2025-10-02
High vulnerability · 2025-09-02
CWE-61
High · CVSS 8.5
EPSS 0.0%2025-09-02
Critical vulnerability · 2025-06-30
CISA KEV
CWE-829
Critical · CVSS 9.3
EPSS 57.3%2025-06-30
XSS vulnerability found in OpenSuse MirrorCache
CWE-79
Medium · CVSS 5.3
EPSS 0.3%2024-11-13
High vulnerability · 2024-11-13
CWE-377
High · CVSS 7.3
EPSS 0.1%2024-11-13
Medium vulnerability · 2023-09-19
CWE-59
Medium · CVSS 5.9
EPSS 0.0%2023-09-19
High vulnerability · 2023-09-19
CWE-922
High · CVSS 7.8
EPSS 0.1%2023-09-19

Track new opensuse CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor opensuse CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

npm4,026 CVEs mozilla3,612 CVEs Siemens3,230 CVEs apache2,972 CVEs Qualcomm, Inc.2,934 CVEs hp2,526 CVEs netapp2,517 CVEs qualcomm2,477 CVEs

Browse all vendors

Frequently asked questions

Common questions about opensuse vulnerabilities.

How many CVEs does opensuse have?

opensuse has 3,298 published CVE records since 2007, including 8 in the last two years.

How many opensuse CVEs are in CISA KEV?

Yes — 58 of opensuse's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which opensuse products have the most CVEs?

The opensuse products with the most published CVEs are leap, debian linux, opensuse, ubuntu linux, fedora.

What are the most common weakness types in opensuse CVEs?

opensuse's CVEs most often map to these CWE weakness types: CWE-125 (Out-of-bounds Read), CWE-20 (Improper Input Validation), CWE-59 (Improper Link Resolution Before File Access ('Link Following')), CWE-416 (Use After Free).

Are there public exploits for opensuse vulnerabilities?

Yes — 301 of opensuse's CVEs have a known public exploit.

How many critical opensuse vulnerabilities are there?

opensuse has 50 critical and 226 high-severity CVEs.

What is the average severity of opensuse CVEs?

The average CVSS base score across opensuse's scored CVEs is 6.6.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track opensuse vulnerabilities

Monitor new opensuse vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing