Vendor: GNU

GNU is an extensive collection of free software, which can be used as an operating system or can be used in parts with other operating systems. Most of GNU is licensed under the GNU Project's own General Public License (GPL).

Founded: 1983
Products: 95
CVEs: 626
CVEs across products: 5,092
Status: Private

Products (95)
- 1,659 CVEs
- 1,142 CVEs
- 310 CVEs
- 282 CVEs
- 167 CVEs
- 145 CVEs
- 140 CVEs
- 102 CVEs
- 89 CVEs
- 88 CVEs
- 85 CVEs
- 62 CVEs
- 56 CVEs
- 54 CVEs
- 53 CVEs
- 44 CVEs
- 34 CVEs
- 32 CVEs
- 31 CVEs
- 29 CVEs
- 28 CVEs
- 25 CVEs
- 24 CVEs
- 19 CVEs
- 19 CVEs
- 19 CVEs
- 18 CVEs
- 18 CVEs
- 15 CVEs
- 15 CVEs
- + 65 more — see CVE list below for full coverage.
Recent CVEs (626)

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-7169 | Critical | 0.86 | 9.8 | 0.89 | KEV | Sep 25, 2014 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. |
| CVE-2014-6271 | Critical | 0.86 | 9.8 | 0.94 | KEV | Sep 24, 2014 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. |
| CVE-2014-6278 | High | 0.80 | 8.8 | 0.91 | KEV | Sep 30, 2014 | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. |
| CVE-2026-32746 | Critical | 0.67 | 9.8 | 0.05 | | Mar 13, 2026 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. |
| CVE-2016-4971 | High | 0.66 | 8.8 | 0.75 | | Jun 30, 2016 | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. |
| CVE-2026-5450 | Critical | 0.64 | 9.8 | 0.00 | | Apr 20, 2026 | Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. |
| CVE-2017-15804 | Critical | 0.64 | 9.8 | 0.00 | | Oct 22, 2017 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. |
| CVE-2017-15670 | Critical | 0.64 | 9.8 | 0.00 | | Oct 20, 2017 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. |
| CVE-2014-9474 | Critical | 0.64 | 9.8 | 0.04 | | Oct 10, 2017 | Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. |
| CVE-2017-14062 | Critical | 0.64 | 9.8 | 0.01 | | Aug 31, 2017 | Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| CVE-2017-14061 | Critical | 0.64 | 9.8 | 0.01 | | Aug 31, 2017 | Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| CVE-2017-10685 | Critical | 0.64 | 9.8 | 0.02 | | Jun 29, 2017 | In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. |
| CVE-2017-10684 | Critical | 0.64 | 9.8 | 0.02 | | Jun 29, 2017 | In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. |
| CVE-2014-9984 | Critical | 0.64 | 9.8 | 0.01 | | Jun 12, 2017 | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. |
| CVE-2016-10324 | Critical | 0.64 | 9.8 | 0.01 | | Apr 13, 2017 | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. |
| CVE-2017-7614 | Critical | 0.64 | 9.8 | 0.00 | | Apr 9, 2017 | elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. |
| CVE-2017-5337 | Critical | 0.64 | 9.8 | 0.04 | | Mar 24, 2017 | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
| CVE-2017-5336 | Critical | 0.64 | 9.8 | 0.04 | | Mar 24, 2017 | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
| CVE-2017-5334 | Critical | 0.64 | 9.8 | 0.06 | | Mar 24, 2017 | Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. |
| CVE-2014-9939 | Critical | 0.64 | 9.8 | 0.00 | | Mar 21, 2017 | ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. |