Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Canonical — Vulnerabilities & Security Advisories 121

Browse all 121 CVE security advisories affecting Canonical. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Canonical Ltd. primarily develops and maintains Ubuntu, a widely deployed Linux distribution, alongside the OpenStack cloud infrastructure platform and the Snap package management system. Security audits reveal a significant volume of recorded vulnerabilities, currently totaling 107 CVEs, reflecting the extensive codebase and third-party dependencies inherent in these large-scale software ecosystems. Historically, the most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from improper input validation or insecure default configurations within associated services. While no single catastrophic incident has defined the company’s security history, the sheer number of disclosed issues highlights the challenges of maintaining rigorous patch cycles across diverse components. These findings underscore the necessity for continuous monitoring and timely updates for organizations relying on Canonical’s open-source technologies to mitigate potential exploitation risks.

Found 1 results / 121Clear Filters
Top products by Canonical: apport Ubuntu Linux LXD Juju snapd Multipass Python-apt cloud-init pulseaudio aptdaemon Ubuntu whoopsie unity-firefox-extension Ubuntu Kernel authd add-apt-repository Ubuntu Server operator snap get-workflow-version-action mysql-k8s-operator Juju utils canonical-livepatch MAAS apt snapcraft Linux kernel software-properties ppp Subiquity
HighUSN-8350-12026-06-01
USN-8350-1: Linux kernel (NVIDIA Tegra) vulnerabilities | Ubuntu security notices | Ubuntu
HighCVE-2025-51992026-05-28
Local Privilege Escalation via Writable PATH Binaries · Advisory · canonical/multipass · GitHub
High2026-05-28
SFTP Server VM Escape via Pipe Injection and Path Traversal · Advisory · canonical/multipass · GitHub
UnknownUSN-8296-22026-05-25
USN-8296-2: Linux kernel (NVIDIA Tegra) vulnerabilities | Ubuntu security notices | Ubuntu
Medium2026-04-28
fix: preserve user's primary group GID across logins (#1422) · canonical/authd@154b428 · GitHub
HighCVE-2024-69702026-04-28
Primary group ID incorrectly set to value of UID · Advisory · canonical/authd · GitHub
Low2026-04-10
Import: Create backup config from index by roosterfish · Pull Request #17921 · canonical/lxd · GitHub
CriticalCVE-2026-34782026-04-10
Importing a crafted backup leads to project restriction bypass · Advisory · canonical/lxd · GitHub
Critical2026-04-10
VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf · Advisory · canonical/lxd · GitHub
MediumCVE-2025-145512026-04-10
Stop logging identity data and network secrets by ogayot · Pull Request #2357 · canonical/subiquity · GitHub
Critical2025-11-19
cmd/snap-confine: prevent cwd restore permission bypass by zyga · Pull Request #6642 · canonical/snapd · GitHub
UnknownUSN-2741-12025-11-09
USN-2741-1: Unity Settings Daemon vulnerability | Ubuntu security notices | Ubuntu
LowCVE-2025-243752025-04-11
MySQL K8s charm could leak credentials for root-level user `serverconfig` · Advisory · canonical/mysql-k8s-operator · Gi

Showing up to 20 recent security advisories. View all →

This page lists every published CVE security advisory associated with Canonical. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.