ML Distros Archive CSV Format - https://oss-security.openwall.org/wiki/mailing-lists/distros/stats
| proj | soss | toss | cves | |
|---|---|---|---|---|
| CUPS | [oss-security] CVE-2025-58060 cups: Authentication bypass with AuthType Negotiate | 1757604607 | CVE-2025-58060 | |
| CUPS | [oss-security] CVE-2025-58364 cups: Remote DoS via null dereference | 1757604612 | CVE-2025-58364 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2025-9086: Out of bounds read for cookie path | 1757483605 | CVE-2025-9086 | |
| Perl CPAN JSON::XS | [oss-security] CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified | 1757353591 | CVE-2025-40928 | |
| Perl CPAN Cpanel::JSON::XS | [oss-security] CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact | 1757353590 | CVE-2025-40929 | |
| Perl CPAN JSON::SIMD | [oss-security] CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact | 1757353617 | CVE-2025-40930 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask | 1757483681 | CVE-2025-10148 | |
| Stork | [oss-security] ISC has disclosed one vulnerability in Stork (CVE-2025-8696) | 1757531282 | CVE-2025-8696 | |
| AIDE | [oss-security] CVE-2025-54389 - aide (<= 0.19.1): improper output neutralization (potential AIDE detection bypass) | 1755197796 | CVE-2025-54389 | |
| AIDE | [oss-security] CVE-2025-54409 - aide (>= 0.13 <= 0.19.1): null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS) | 1755197809 | CVE-2025-54409 | |
| UDisks | [oss-security] CVE-2025-8067 - UDisks | 1756394491 | CVE-2025-8067 | |
| Kea | [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2025-40779) | 1756323257 | CVE-2025-40779 | |
| Git | [oss-security] Multiple vulnerabilities fixed in Git | 1751994551 | CVE-2025-27613, CVE-2025-27614, CVE-2025-46334, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385, CVE-2025-48386 | |
| Debian packaging of AIDE | [oss-security] non-issues in dailyaidecheck script in Debian's packaging of AIDE | 1753222460 | ||
| BIND 9 | [oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777) | 1752704828 | CVE-2025-40777 | |
| Linux | [oss-security] Linux kernel: eBPF vulnerabilities | 1754186315 | ||
| curl | [oss-security] [SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop | 1749016378 | CVE-2025-5399 | |
| Perl module File::Find::Rule | [oss-security] CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name | 1749147475 | CVE-2011-10007 | |
| xdg-open | [oss-security] xdg-open bypassing SameSite=Strict | 1750689216 | ||
| libblockdev | [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks | 1750190472 | CVE-2025-6018, CVE-2025-6019 | |
| X.Org X server and Xwayland | [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland | 1750169473 | CVE-2025-49175, CVE-2025-49176, CVE-2025-49177, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180 | |
| Linux-PAM | [oss-security] pam: pam_namespace local privilege escalation (CVE-2025-6020) | 1750166390 | CVE-2025-6020 | |
| sudo | [oss-security] CVE-2025-32462: sudo local privilege escalation via host option | 1751300078 | CVE-2025-32462, CVE-2025-32463 | |
| SOPE / SOGo | [oss-security] DoS segfault (NULL pointer deref) in SOPE / SOGo | 1751476422 | ||
| Varnish Cache | [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack | 1747149594 | VSV00016, CVE-2025-47905 | |
| open-vm-tools | [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools | 1747067416 | CVE-2025-22247 | |
| OpenStack Ironic | [oss-security] OSSA-2025-001 / CVE-2025-44021: OpenStack Ironic fails to restrict paths used for file:// image URLs | 1746729791 | CVE-2025-44021 | |
| Kea | [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) | 1748450445 | CVE-2025-32801, CVE-2025-32802, CVE-2025-32803 | |
| BIND 9 | [oss-security] CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure | 1747831644 | CVE-2025-40775 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL | 1748411391 | CVE-2025-4947 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL | 1748411397 | CVE-2025-5025 | |
| apport, systemd-coredump | [oss-security] Local information disclosure in apport and systemd-coredump | 1748539042 | CVE-2025-5054, CVE-2025-4598 | |
| Linux | [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros | 1748919654 | ||
| c-ares | [oss-security] CVE-2025-31498: c-ares use-after-free | 1744117239 | CVE-2025-31498 | |
| Perl | [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes | 1744554106 | CVE-2024-56406 | |
| screen | [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) | 1747063480 | CVE-2025-23395, CVE-2025-46802, CVE-2025-46803, CVE-2025-46804, CVE-2025-46805 | |
| OpenSSH | [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client | 1739870091 | CVE-2025-26465, CVE-2025-26466 | |
| GRUB | [oss-security] GRUB CVE disclosures | 1739905790 | CVE-2024-45774, CVE-2024-45775, CVE-2024-45776, CVE-2024-45777, CVE-2024-45778, CVE-2024-45779, CVE-2024-45780, CVE-2024-45781, CVE-2024-45782, CVE-2024-45783, CVE-2025-0622, CVE-2025-0624, CVE-2025-0677, CVE-2025-0678, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686, CVE-2025-0689, CVE-2025-0690, CVE-2025-1118, CVE-2025-1125 | |
| X.Org X server and Xwayland | [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland | 1740498797 | CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601 | |
| Exim | [oss-security] CVE-2025-26794: Exim: SQL injection | 1740173761 | CVE-2025-26794 | |
| Git | [oss-security] git: 2 vulnerabilities fixed | 1736877842 | CVE-2024-50349, CVE-2024-52006 | |
| rsync | [oss-security] RSYNC: 6 vulnerabilities | 1736877797 | CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747 | |
| Linux | [oss-security] Linux: kernel BUG at fs/ocfs2/refcounttree.c:2678 ocfs2_refcount_cal_cow_clusters in 6.13.0 | 1738863448 | ||
| BIND 9 | [oss-security] ISC has disclosed two vulnerabilities in BIND 9 (CVE-2024-11187, CVE-2024-12705) | 1738169911 | CVE-2024-11187, CVE-2024-12705 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0167: netrc and default credential leak | 1738743704 | CVE-2025-0167 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0665: eventfd double close | 1738743709 | CVE-2025-0665 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow | 1738743712 | CVE-2025-0725 | |
| OpenSSL | [oss-security] CVE-2024-12797: OpenSSL: RFC7250 handshakes with unauthenticated servers don't abort as expected | 1739293310 | CVE-2024-12797 | |
| pam_pkcs11 | [oss-security] pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) | 1738853728 | CVE-2025-24531 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2024-11053: netrc and redirect credential leak | 1733902048 | CVE-2024-11053 | |
| BIND 9 | [oss-security] Fwd: Operational Notification: BIND 9.20 defect in QPzone implementation | 1734742696 | ||
| Linux | [oss-security] Linux: general protection fault in __vmx_vcpu_run with nested virtualization | 1736182722 | ||
| needrestart, Module::ScanDeps | [oss-security] Local Privilege Escalations in needrestart | 1732033529 | CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, CVE-2024-11003 | |
| Linux | [oss-security] Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect() | 1732855316 | CVE-2024-27398? | |
| X.Org X server and Xwayland | [oss-security] CVE-2024-9632: X.Org X server and Xwayland: Heap-based buffer overflow privilege escalation in _XkbSetCompatMap | 1730220004 | CVE-2024-9632 | |
| curl | [oss-security] [SECURITY ADVISTORY] curl: CVE-2024-9681 HSTS subdomain overwrites parent cache entry | 1730877914 | CVE-2024-9681 | |
| Unix shells | [oss-security] shell wildcard expansion (un)safety | 1730866353 | ||
| Linux | [oss-security] Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() | 1725281633 | ||
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2024-8096: OCSP stapling bypass with GnuTLS | 1726033664 | CVE-2024-8096 | |
| OpenStack Ironic | [oss-security] OSSA-2024-004 / CVE-2024-47211: OpenStack Ironic <26.1.1 fails to verify checksums of supplied image_source URLs when configured to convert images to raw for streaming | 1728159297 | CVE-2024-47211 | |
| PowerDNS | [oss-security] PowerDNS Security Advisory 2024-04 | 1727971676 | CVE-2024-25590 | |
| oath-toolkit | [oss-security] CVE-2024-47191: Local root exploit in the PAM module pam_oath.so | 1728054006 | CVE-2024-47191 | |
| OpenSSL | [oss-security] CVE-2024-6119: OpenSSL: Possible denial of service in X.509 name checks | 1725380138 | CVE-2024-6119 | |
| OpenStack Ironic | [oss-security] [OSSA-2024-003] OpenStack Ironic: Unvalidated image data passed to qemu-img (CVE-2024-44082) | 1725471024 | CVE-2024-44082 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str | 1721802888 | CVE-2024-6197 | |
| BIND 9 | [oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076) | 1721746585 | CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076 | |
| OpenStack Nova | [oss-security] [OSSA-2024-002] OpenStack Nova: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors (CVE-2024-40767) | 1721746830 | CVE-2024-40767 | |
| Linux | [oss-security] inux kernel: virtio-net host dos | 1721841843 | CVE-2024-41090, CVE-2024-41091 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2024-7264 ASN.1 date parser overread | 1722410397 | CVE-2024-7264 | |
| CUPS | [oss-security] CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | 1718115050 | CVE-2024-35235 | |
| OpenSSH | [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems | 1719823229 | CVE-2024-6387 | |
| OpenSSH | Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems | 1720455690 | CVE-2024-6409 | |
| Emacs Org mode | [oss-security] Arbitrary shell command evaluation in Org mode (GNU Emacs) | 1719133495 | ||
| OpenStack | [oss-security] [OSSA-2024-001] OpenStack Cinder, Glance, Nova: Arbitrary file access through custom QCOW2 external data (CVE-2024-32498) | 1719932492 | CVE-2024-32498 | |
| Linux | [oss-security] Linux non-security almost non-issue: stack-out-of-bounds Read in profile_pc | 1719694228 | ||
| aiohttp | [oss-security] CVE-2024-30251: DoS in aiohttp | 1714658960 | CVE-2024-30251 | |
| PowerDNS DNSdist | [oss-security] PowerDNS Security Advisory 2024-03: Transfer requests received over DoH can lead to a denial of service in DNSdist | 1715595489 | CVE-2024-25581 | |
| Git | [oss-security] git: 5 vulnerabilities fixed | 1715715290 | CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465 | |
| glibc | [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence | 1713375819 | CVE-2024-2961 | |
| PuTTY | [oss-security] CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client | 1713210238 | CVE-2024-31497 | |
| Linux | [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? | 1712779052 | ||
| PowerDNS | [oss-security] PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor | 1713958154 | CVE-2024-25583 | |
| Open Virtual Network | [oss-security] [ADVISORY] CVE-2024-2182: Open Virtual Network: Insufficient validation of incoming BFD packets. | 1710252782 | CVE-2024-2182 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2024-2004: Usage of disabled protocol | 1711522403 | CVE-2024-2004 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2024-2379: QUIC certificate check bypass with wolfSSL | 1711522409 | CVE-2024-2379 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2024-2398: HTTP/2 push headers memory-leak | 1711522414 | CVE-2024-2398 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS | 1711522416 | CVE-2024-2466 | |
| util-linux | [oss-security] CVE-2024-28085: Escape sequence injection in util-linux wall | 1711552285 | ||
| xz | [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise | 1711728214 | CVE-2024-3094 | |
| X.Org X server, Xwayland | [oss-security] Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 | 1712170064 | CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083 | |
| Linux | [oss-security] CVE-2024-1086: Linux: nf_tables: use-after-free vulnerability in the nft_verdict_init() function | 1712789505 | CVE-2024-1086 | |
| Open vSwitch | [oss-security] [ADVISORY] CVE-2023-3966: Open vSwitch: Invalid memory access in Geneve with HW offload. | 1707423221 | CVE-2023-3966 | |
| Unbound | [oss-security] Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities | 1707834235 | CVE-2023-50387, CVE-2023-50868 | |
| PowerDNS Recursor | Re: [oss-security] Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities | 1707860980 | CVE-2023-50387, CVE-2023-50868 | |
| BIND 9 | [oss-security] ISC has disclosed six vulnerabilities in BIND 9 (CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50387, CVE-2023-50868) | 1707834217 | CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50387, CVE-2023-50868 | |
| EDK2 based Virtual Machine firmware | [oss-security] Secure Boot bypass in EDK2 based Virtual Machine firmware | 1707922095 | CVE-2023-48733, CVE-2023-49721 | |
| c-ares | [oss-security] c-ares CVE-2024-25629 | 1708692051 | CVE-2024-25629 | |
| Mock | [oss-security] CVE-2023-6395 Mock: Privilege escalation for users that can access mock configuration | 1705415834 | CVE-2023-6395 | |
| Mock, Snap | [oss-security] Mock, Snap, LXC expose(d) chroot, container trees with unsafe permissions and contents to host users, pose risk to host | 1705437356 | ||
| X.Org X server and Xwayland | [oss-security] Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4 | 1705569700 | CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0409, CVE-2024-0408 | |
| Linux PAM pam_namespace | [oss-security] pam: pam_namespace misses O_DIRECTORY flag in `protect_dir()` (CVE-2024-22365) | 1705571313 | CVE-2024-22365 | |
| glibc | [oss-security] CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() | 1706639365 | CVE-2023-6246, CVE-2023-6779, CVE-2023-6780 | |
| glibc | [oss-security] Out-of-bounds read & write in the glibc's qsort() | 1706639851 | ||
| coreutils | [oss-security] GNU coreutils v9.4; v9.3; v9.2 split heap buffer overflow vulnerability | 1705569736 | CVE-2024-0684 | |
| curl | [oss-security] [SECURITY ADVISORY] curl: CVE-2024-0853 : OCSP verification bypass with TLS session reuse | 1706685004 | CVE-2024-0853 | |
| grub2-set-bootflag | [oss-security] CVE-2024-1048: grub2-set-bootflag may be abused to fill up /boot, bypass RLIMIT_NPROC | 1707238888 | CVE-2024-1048 |