Debian
This hub aggregates every CVE we track for Debian, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 20,496
- Critical: 1,725
- High: 8,047
- In CISA KEV: 165
Severity distribution
- MEDIUM: 9,960
- HIGH: 8,047
- CRITICAL: 1,725
- LOW: 764
Monthly trend
[Chart: monthly trend, 2024-08 to 2026-07]
Latest CVEs
The 15 most recently published vulnerabilities affecting Debian.
- CVE-2026-56968: GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server. (score: 3.7)
- CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache corruption (score: 7.8)
- CVE-2026-46520: ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions (score: 7.5)
- CVE-2026-45664: ImageMagick: Policy Bypass in MNG coder could (score: 5.3)
- CVE-2026-49975: Apache HTTP Server: mod_http2 denial of service (score: 7.5)
- CVE-2026-3238: Samba: denial of service against ad dc wins server (score: 7.5)
- CVE-2026-11237: Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted H... (score: 8.3)
- CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v... (score: 8.3)
- CVE-2026-11235: Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox ... (score: 8.8)
- CVE-2026-11231: Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low) (score: 8.1)
- CVE-2026-11233: Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted... (score: 4.7)
- CVE-2026-11232: Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low) (score: 5.4)
- CVE-2026-11230: Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) (score: 8.8)
- CVE-2026-11229: Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security sev... (score: 6.1)
- CVE-2026-11228: Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a craf... (score: 4.3)
Product normalization is registry-driven with AI assist and human review.