1,285 CVEs

48 in CISA KEV

suse Vulnerabilities

CVE security advisories and vulnerability history for suse.

1,285

Total CVEs

Published

48

In CISA KEV

Exploited in the wild

196

Public exploits

With known exploit

7.2

Avg CVSS

1999–2026

Overview

suse has 1,285 published CVE records since 1999, of which 48 are in CISA's Known Exploited Vulnerabilities catalog and 196 have a known public exploit. The average CVSS base score across scored CVEs is 7.2.

This page aggregates every publicly disclosed vulnerability (CVE) affecting suse products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of suse's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical49

High127

Medium84

Low20

1,005 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

48

48 of suse's CVEs are confirmed exploited in the wild.

Public exploits

196

196 of suse's CVEs have a known public exploit available.

Most affected products

The suse products with the most published CVEs.

linux enterprise server500 CVEs
opensuse492 CVEs
linux enterprise desktop466 CVEs
ubuntu linux422 CVEs
debian linux408 CVEs
enterprise linux desktop362 CVEs
enterprise linux server329 CVEs
enterprise linux workstation315 CVEs

Common weakness types

The CWE weakness categories most often found in suse CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish suse CVE records.

Disclosure activity by year

How many suse CVEs were published each year.

2019

41

2020

78

2021

18

2022

28

2023

25

2024

29

2025

39

2026

13

Latest suse CVEs

The most recently disclosed vulnerabilities affecting suse.

Missing exit out of permission check in haveged could lead to root exploit
CWE-305
High · CVSS 7.8
EPSS 0.0%2026-05-20
Path Traversal in Plugin Loading in libzypp
CWE-35
High · CVSS 8.5
EPSS 0.0%2026-05-20
csync2 uses insecure temporary directories when compiled with C99 or later
CWE-367
Medium · CVSS 5.1
EPSS 0.0%2026-05-13
Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
CWE-863
Critical · CVSS 9.9
EPSS 0.0%2026-05-13
Rancher Extensions have arbitrary file access via path traversal
CWE-35
High · CVSS 8.4
EPSS 0.0%2026-05-13
crypto: algif_aead - Revert to operating out-of-place
CISA KEV
CWE-669
High · CVSS 7.8
EPSS 2.2%2026-04-22
nftables disabled due to incorrect kernel backport
CWE-284
High · CVSS 7.3
EPSS 0.1%2026-03-05
Rancher Backup Operator pod's logs leak S3 tokens
CWE-532
Medium · CVSS 6.8
EPSS 0.0%2026-03-04
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
CWE-23
Critical · CVSS 9.9
EPSS 0.0%2026-02-25
Rancher CLI skips TLS verification on Rancher CLI login command
CWE-295
High · CVSS 8.3
EPSS 0.0%2026-02-25
NeuVector scanner insecurely handles passwords as command arguments
CWE-522
Low · CVSS 3.8
EPSS 0.0%2026-02-25
Harvest may expose OS default ssh login password via SUSE Virtualization Interactive Installer
CWE-1188
Critical · CVSS 9.8
EPSS 0.0%2026-01-08

Track new suse CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor suse CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

code-projects1,391 CVEs GitLab1,390 CVEs Red Hat1,386 CVEs netgear1,326 CVEs Samsung Mobile1,301 CVEs gitlab-org1,296 CVEs gnu1,241 CVEs totolink1,231 CVEs

Browse all vendors

Frequently asked questions

Common questions about suse vulnerabilities.

How many CVEs does suse have?

suse has 1,285 published CVE records since 1999, including 52 in the last two years.

How many suse CVEs are in CISA KEV?

Yes — 48 of suse's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which suse products have the most CVEs?

The suse products with the most published CVEs are linux enterprise server, opensuse, linux enterprise desktop, ubuntu linux, debian linux.

What are the most common weakness types in suse CVEs?

suse's CVEs most often map to these CWE weakness types: CWE-59 (Improper Link Resolution Before File Access ('Link Following')), CWE-276 (Incorrect Default Permissions), CWE-269 (Improper Privilege Management), CWE-284 (Improper Access Control).

Are there public exploits for suse vulnerabilities?

Yes — 196 of suse's CVEs have a known public exploit.

How many critical suse vulnerabilities are there?

suse has 49 critical and 127 high-severity CVEs.

What is the average severity of suse CVEs?

The average CVSS base score across suse's scored CVEs is 7.2.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track suse vulnerabilities

Monitor new suse vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing