CVE reports
The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed. You can find additional guidance for high-profile vulnerabilities in the Ubuntu Vulnerability Knowledge Base section
Search CVEs
By Ubuntu release
Recent CVEs
Exim before 4.99.1 allows remote heap corruption that will be further described on 2025-12-18.
1 affected package
exim4
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions....
1 affected package
cpp-httplib
Some fixes available 5 of 13
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use...
3 affected packages
runc, runc-app, runc-stable
Some fixes available 5 of 13
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks...
3 affected packages
runc, runc-app, runc-stable
Some fixes available 5 of 13
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that...
3 affected packages
runc, runc-app, runc-stable
Resources
Join the discussion
Ubuntu Pro
10-year security coverage for Ubuntu and 23,000 open-source applications and toolchains.
Get Ubuntu Pro 30-day free trialFrom our blog
- Ubuntu Explained: How to ensure security and stability in cloud instances—part 3
- Ubuntu Explained: How to ensure security and stability in cloud instances—part 2
- Running OpenSSL 1.1.1 after EOL? Stay secure with Ubuntu Pro.
- Restricted unprivileged user namespaces are coming to Ubuntu 23.10
- Securing open source software dependencies in the public cloud