gnome
357 tracked vulnerabilities.
CVE-2026-58016
HIGH
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
Jun 30, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-58015
MEDIUM
Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
Jun 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-58014
HIGH
Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"
Jun 30, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-58013
MEDIUM
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-58012
MEDIUM
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-58011
MEDIUM
Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-58010
MEDIUM
Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13601
HIGH
Yelp yelp-xsl - Host File Disclosure via Flatpak OpenURI
Jun 29, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-12549
MEDIUM
libsoup SoupServer - Range Suffix Overflow Regression
Jun 22, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-6653
HIGH
libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling
Jun 22, 2026
EPSS 0.00
CVE-2026-2604
MEDIUM
Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling
Jun 17, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-1767
MEDIUM
GNOME localsearch MP3 Extractor - Heap Buffer Overflow
Jun 16, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-1766
MEDIUM
Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files.
Jun 16, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-1764
MEDIUM
Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files
Jun 16, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-44931
MEDIUM
malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API
May 13, 2026
EPSS 0.00
CVE-2026-2708
LOW
Libsoup: libsoup: http request smuggling via duplicate content-length headers
Apr 23, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-5201
HIGH
Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
Mar 31, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-5119
MEDIUM
Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
Mar 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-2436
MEDIUM
Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake
Mar 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-2369
MEDIUM
Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-4271
MEDIUM
Libsoup: libsoup: denial of service via use-after-free in http/2 server
Mar 17, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-3634
LOW
Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header
Mar 17, 2026
CVSS 3.9
EPSS 0.00
CVE-2026-3633
LOW
Libsoup: libsoup: header and http request injection via crlf injection
Mar 17, 2026
CVSS 3.9
EPSS 0.00
CVE-2026-3632
LOW
Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames
Mar 17, 2026
CVSS 3.9
EPSS 0.00
CVE-2026-3099
MEDIUM
Red Hat Enterprise Linux - Digest Authentication Nonce Reuse
Mar 12, 2026
CVSS 5.8
EPSS 0.00
Products
glib 33
libsoup 26
evolution 21
gdk-pixbuf 20
gdm 15
gtk 15
epiphany 13
networkmanager 12
gdkpixbuf 11
gnome-shell 11
screensaver 11
gnome_display_manager 10
librsvg 10
GLib 7
evince 7
pango 6
gpdf 5
gvfs 5
libcroco 5
nautilus 4
balsa 3
evolution-data-server 3
file-roller 3
gnumeric 3
gthumb 3
gtk-vnc 3
libgsf 3
libgxps 3
libxml2 3
localsearch 3
Quick Filters