Opensuse tumbleweed

This hub aggregates every CVE we track for Opensuse tumbleweed, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Opensuse tumbleweed.

• CVE-2026-41051csync2 uses insecure temporary directories when compiled with C99 or later5.0May 13, 2026
• CVE-2026-3832Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response3.7Apr 30, 2026
• CVE-2026-3833Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison6.5Apr 30, 2026
• CVE-2026-22008Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with n...3.7Apr 21, 2026
• CVE-2026-34757LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure5.1Apr 9, 2026
• CVE-2026-33636LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch647.6Mar 26, 2026
• CVE-2025-22873Improper access to parent directory of root in os3.8Feb 4, 2026
• CVE-2025-11065Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure5.3Jan 26, 2026
• CVE-2025-43904In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.4.2Jan 16, 2026
• CVE-2026-0892Memory safety bugs fixed in Firefox 147 and Thunderbird 1479.8Jan 13, 2026
• CVE-2026-0891Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 1478.1Jan 13, 2026
• CVE-2025-68260rust_binder: fix race condition on death_list5.5Dec 16, 2025
• CVE-2024-33861Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с недостаточной проверкой входных данных, позволяющая нарушителю обойти внедренные ограничения безопасности5.8Dec 11, 2025
• CVE-2025-62875Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock5.5Nov 20, 2025
• CVE-2025-10966missing SFTP host verification with wolfSSH4.3Nov 7, 2025