Glibc
This hub aggregates every CVE we track for Glibc, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 168
- Critical: 22
- High: 62
- In CISA KEV: 1
Severity distribution
- MEDIUM: 75
- HIGH: 62
- CRITICAL: 22
- LOW: 9
Monthly trend
2024-07 to 2026-06: 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 2, 1, 0, 0, 0, 0, 0, 3, 0, 4, 4, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Glibc.
- CVE-2026-6238: Buffer overread in ns_printrrf with corrupted RDATA field (6.5)
- CVE-2026-5435: Potential buffer overflow in ns_sprintrrf TSIG handling path (7.3)
- CVE-2026-5450: scanf %mc off-by-one heap buffer overflow (9.8)
- CVE-2026-5928: Potential buffer under-read in ungetwc (7.5)
- CVE-2026-4046: iconv crash due to assertion failure with untrusted input (7.5)
- CVE-2026-4438: gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames (5.4)
- CVE-2026-4437: gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response (7.5)
- CVE-2026-3904: Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp o... (6.2)
- CVE-2025-15281: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory (7.5)
- CVE-2026-0915: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resolver (7.5)
- CVE-2026-0861: Integer overflow in memalign leads to heap corruption (8.4)
- CVE-2025-8058: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an ... (4.2)
- CVE-2025-5745: The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those regis... (5.6)
- CVE-2025-5702: The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those regist... (5.6)
- CVE-2025-4802: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid... (7.8)
Product normalization is registry-driven with AI assist and human review.