Fedora
This hub aggregates every CVE we track for Fedora, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
6,145
CVEs tracked
513
Critical
2,644
High
88
In CISA KEV
Severity distribution
MEDIUM2,718HIGH2,644CRITICAL513LOW270
Monthly trend
5
5
14
21
57
11
16
1
11
15
7
20
11
8
6
1
18
22
10
9
18
2
1
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Fedora.
- CVE-2026-43284xfrm: esp: avoid in-place decrypt on shared skb frags8.8
- CVE-2026-35094Libinput: libinput: information disclosure via dangling pointer in lua plugin handling3.3
- CVE-2026-35093Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins8.8
- CVE-2026-25645Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function4.4
- CVE-2026-2369Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources6.5
- CVE-2026-3942Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)4.3
- CVE-2026-3941Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:...4.3
- CVE-2026-3940Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:...5.3
- CVE-2026-3939Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)5.3
- CVE-2026-3938Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML ...4.3
- CVE-2026-3937Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)6.5
- CVE-2026-3936Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: M...8.8
- CVE-2026-3935Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)6.5
- CVE-2026-3934Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: ...6.5
- CVE-2026-3932Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev...7.5
Product normalization is registry-driven with AI assist and human review. How it works