Debian

This hub aggregates every CVE we track for Debian, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Operating Systemson-premos

20,478

CVEs tracked

1,718

Critical

8,031

High

165

In CISA KEV

Severity distribution

MEDIUM9,964HIGH8,031CRITICAL1,718LOW765

Monthly trend

324

268

218

364

217

271

191

349

151

311

220

272

135

475

331

271

119

102

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Debian.

CVE-2026-49975Apache HTTP Server: mod_http2 denial of service7.5Jun 8, 2026
CVE-2026-3238Samba: denial of service against ad dc wins server7.5Jun 8, 2026
CVE-2026-11237Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted H...8.3Jun 4, 2026
CVE-2026-11236Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v...8.3Jun 4, 2026
CVE-2026-11235Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox ...8.8Jun 4, 2026
CVE-2026-11233Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted...4.7Jun 4, 2026
CVE-2026-11232Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)5.4Jun 4, 2026
CVE-2026-11231Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low)8.1Jun 4, 2026
CVE-2026-11230Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)8.8Jun 4, 2026
CVE-2026-11229Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security sev...6.1Jun 4, 2026
CVE-2026-11228Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a craf...4.3Jun 4, 2026
CVE-2026-11227Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)6.5Jun 4, 2026
CVE-2026-11225Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)6.5Jun 4, 2026
CVE-2026-11224Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low)8.1Jun 4, 2026
CVE-2026-11223Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a c...6.5Jun 4, 2026

Product normalization is registry-driven with AI assist and human review. How it works