Ubuntu security advisories
25 threat alerts tracking vulnerabilities and security advisories that affect Ubuntu products.
Vulnios monitors Ubuntu CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Ubuntu security news in one place, or click into an individual alert for full detail.
USN-8268-1: Dnsmasq vulnerabilities
Andrew S. Fasano, Royce M, and Hugo Martinez Ray discovered that Dnsmasq did not allocate the necessary space to store domain names in some contexts. An attacker could possibly use this issue to write
critical CVE-2026-2291

USN-8263-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files in certain instances. If a user or automated system using ImageMagick were tricked into opening a specially crafted
critical CVE-2018-15607

USN-8248-2: NASM regression
USN-8248-1 fixed vulnerabilities in NASM. Unfortunately the update introduced a regression which could cause NASM to crash. This update fixes the problem by reverting the fix for CVE-2021-33450 and CV
critical CVE-2021-33450

USN-8246-1: Vim vulnerabilities
Michał Majchrowicz discovered that Vim’s zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affec
critical CVE-2026-35177

USN-8259-1: OpenEXR vulnerabilities
Quang Luong discovered that OpenEXR incorrectly handled sample count accumulation when processing deep scan line image files. An attacker could possibly use this issue to cause OpenEXR to crash, resul
critical CVE-2026-27622

USN-8248-1: NASM vulnerabilities
Daisy Chen discovered that NASM was vulnerable to a heap buffer overflow when handling certain input. An attacker could possibly use this issue to cause NASM to crash, resulting in a denial of service
critical CVE-2023-31722

USN-8236-1: Slurm vulnerabilities
It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify files or leak sensitive information. This issue only affected
critical CVE-2023-41914

USN-8233-2: nghttp2 vulnerability
USN-8233-1 fixed a vulnerability in nghttp2. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: Andrew MacPherson discovered that nghttp2 did not properly v
critical

SANS Internet Storm Center Advisory — May 4, 2026
This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have "automatic updates" enabled on your system. There will be two major changes:
critical

USN-8225-1: Python marshmallow vulnerabilities
Jared Deckard discovered that Python marshmallow did not correctly handle hiding certain fields. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubunt
critical CVE-2018-17175

USN-8195-3: PackageKit vulnerability
USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding fix to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that
critical

USN-8087-3: python-cryptography vulnerability
USN-8087-1 fixed a vulnerability in python-cryptography. This update provides the corresponding update to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was di
critical

USN-8198-2: Tornado vulnerabilities
USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing
critical CVE-2026-31958

USN-8217-1: follow-redirects vulnerabilities
It was discovered that follow-redirects did not properly protect sensitive user information during redirects. An attacker could possibly use this issue to expose sensitive information. This issue only
critical CVE-2022-0155

USN-8219-1: UltraJSON vulnerabilities
Cameron Criswell discovered that UltraJSON contained a memory leak that would occur when parsing large integers. An attacker could possibly use this issue to cause UltraJSON to crash, resulting in a d
critical CVE-2026-32874

USN-8190-2: Rack::Session vulnerability
USN-8190-1 fixed a vulnerability in Rack::Session. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: SeungMyung Lee discovered that Rack::Session did not p
critical

USN-8136-2: Dovecot regression
USN-8136-1 fixed vulnerabilities in Dovecot. The update caused a regression on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original adviso
critical CVE-2025-59028

USN-8202-2: jq vulnerabilities
USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string
critical CVE-2026-32316

USN-8213-1: Vim vulnerabilities
Michał Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affec
critical CVE-2026-35177

USN-8202-1: jq vulnerabilities
It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addre
critical CVE-2026-32316

USN-8199-1: OpenStack Glance vulnerabilities
Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue o
critical CVE-2024-32498

USN-8182-1: Rack vulnerabilities
Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 2
critical CVE-2026-26961

USN-8181-1: ESAPI vulnerabilities
Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory paths during path verification. An attacker could possibly use this issue to bypass directory validation checks, leading to co
critical CVE-2022-23457

USN-8168-2: Rust vulnerability
USN-8168-1 fixed a vulnerability in Rust. This update provides the corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was
critical

USN-8138-2: tar-rs vulnerability
USN-8138-1 fixed a vulnerability in tar-rs. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs incorrectly handled symlinks wh
critical