Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Canonical — Vulnerabilities & Security Advisories 121

Browse all 121 CVE security advisories affecting Canonical. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Canonical Ltd. primarily develops and maintains Ubuntu, a widely deployed Linux distribution, alongside the OpenStack cloud infrastructure platform and the Snap package management system. Security audits reveal a significant volume of recorded vulnerabilities, currently totaling 107 CVEs, reflecting the extensive codebase and third-party dependencies inherent in these large-scale software ecosystems. Historically, the most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from improper input validation or insecure default configurations within associated services. While no single catastrophic incident has defined the company’s security history, the sheer number of disclosed issues highlights the challenges of maintaining rigorous patch cycles across diverse components. These findings underscore the necessity for continuous monitoring and timely updates for organizations relying on Canonical’s open-source technologies to mitigate potential exploitation risks.

Top products by Canonical: apport Ubuntu Linux LXD Juju snapd Multipass Python-apt cloud-init pulseaudio aptdaemon Ubuntu whoopsie unity-firefox-extension Ubuntu Kernel authd add-apt-repository Ubuntu Server operator snap get-workflow-version-action mysql-k8s-operator Juju utils canonical-livepatch MAAS apt snapcraft Linux kernel software-properties ppp Subiquity
CVE IDTitleCVSSSeverityPublished
CVE-2026-3351 Authorization Bypass in LXD GET /1.0/certificates Endpoint — lxdCWE-862 4.3AIMediumAI2026-03-03
CVE-2026-1237 Juju 安全漏洞 — jujuCWE-672 8.8AIHighAI2026-01-28
CVE-2025-5467 Ubuntu Apport Insecure File Permissions Vulnerability — apportCWE-708 3.3AILowAI2025-12-10
CVE-2025-6966 Null-pointer dereference in python-apt TagSection.keys() — python-aptCWE-476 5.5 -2025-12-05
CVE-2025-54293 Path Traversal in LXD Instance Log File Retrieval — LXDCWE-22 6.5AIMediumAI2025-10-02
CVE-2025-54292 Client-Side Path Traversal in LXD-UI — LXDCWE-22 8.1AIHighAI2025-10-02
CVE-2025-54291 Project existence disclosure in LXD images API — LXDCWE-209 5.3AIMediumAI2025-10-02
CVE-2025-54290 Project Existence Disclosure via Error Handling in LXD Image Export — LXDCWE-200 5.3AIMediumAI2025-10-02
CVE-2025-54289 Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API — LXDCWE-1385 8.8AIHighAI2025-10-02
CVE-2025-54288 Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server — LXDCWE-290 5.1AIMediumAI2025-10-02
CVE-2025-54287 Arbitrary File Read via Template Injection in Snapshot Patterns — LXDCWE-1336 6.5AIMediumAI2025-10-02
CVE-2025-54286 CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI — LXDCWE-352 8.8AIHighAI2025-10-02
CVE-2024-6107 Canonical MAAS 安全漏洞 — MAASCWE-287 9.6 Critical2025-07-21
CVE-2025-5199 LPE on Multipass for macOS — MultipassCWE-276 7.3 High2025-07-11
CVE-2025-0928 Arbitrary executable upload via authenticated endpoint — JujuCWE-285 8.8 High2025-07-08
CVE-2025-53513 Zip slip vulnerability in Juju — JujuCWE-24 8.8 High2025-07-08
CVE-2025-53512 Sensitive log retrieval in Juju — JujuCWE-200 6.5 Medium2025-07-08
CVE-2025-6224 Key leakage in juju/utils certificates — Juju utilsCWE-312 6.5 Medium2025-07-01
CVE-2024-11584 cloud-init 安全漏洞 — cloud-init 5.9 Medium2025-06-26
CVE-2024-6174 cloud-init 安全漏洞 — cloud-init 8.8 High2025-06-26
CVE-2025-5689 Improper Permission Management in SSH Session Handling — authd 8.5 High2025-06-16
CVE-2025-5054 Race Condition in Canonical Apport — ApportCWE-362 4.7 Medium2025-05-30
CVE-2025-24375 MySQL K8s charm could leak credentials for root-level user `serverconfig` — mysql-k8s-operatorCWE-256 5.0 Medium2025-04-09
CVE-2025-31479 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output — get-workflow-version-actionCWE-532 8.2 High2025-04-02
CVE-2024-29069 snapd will follow archived symlinks when unpacking a filesystem — snapdCWE-610 4.8 Medium2024-07-25
CVE-2024-29068 snapd non-regular file indefinite blocking read — snapdCWE-20 5.8 Medium2024-07-25
CVE-2024-1724 snapd allows $HOME/bin symlink — snapCWE-732 6.3 Medium2024-07-25
CVE-2024-41129 The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command — operatorCWE-532 4.4 Medium2024-07-22
CVE-2023-5536 LXD 安全漏洞 — Ubuntu Server 5.0 Medium2023-12-12
CVE-2023-32629 Canonical Ubuntu 安全漏洞 — Ubuntu KernelCWE-863 7.8 High2023-07-26

This page lists every published CVE security advisory associated with Canonical. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.