Libzypp
This hub aggregates every CVE we track for Libzypp, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 8
- Critical: 0
- High: 5
- In CISA KEV: 0
Severity distribution
HIGH: 5, MEDIUM: 3
Monthly trend
[Chart, 2024-08 to 2026-07: monthly counts are 0 in every month except one, which shows 2.]
Latest CVEs
The 8 most recently published vulnerabilities affecting Libzypp.
- CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp (score: 8.8)
- CVE-2026-44942: libzypp .repo files can have an optional path which can lead to path traversal attacks (score: 6.5)
- CVE-2019-18900: libzypp stores cookies world readable (score: 4.0)
- CVE-2018-7685: libzypp does not reevaluate malicious rpms once downloaded (score: 7.8)
- CVE-2017-7436: libzypp accepts unsigned packages even when configured to check signatures (score: 8.1)
- CVE-2017-7435: libzypp accepts unsigned 3rd party repo without warning (score: 8.1)
- CVE-2017-9269: lack of keypinning in libzypp could lead to repository switching (score: 7.7)
- CVE-2013-3704: The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might a... (score: 4.3)
Product normalization is registry-driven with AI assist and human review.