Ubuntu security advisories
8 threat alerts tracking vulnerabilities and security advisories that affect Ubuntu products.
Vulnios monitors Ubuntu CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Ubuntu security news in one place, or click into an individual alert for full detail.
USN-8263-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files in certain instances. If a user or automated system using ImageMagick were tricked into opening a specially crafted
criticalCVE-2018-15607USN-8248-2: NASM regression
USN-8248-1 fixed vulnerabilities in NASM. Unfortunately the update introduced a regression which could cause NASM to crash. This update fixes the problem by reverting the fix for CVE-2021-33450 and CV
criticalCVE-2021-33450USN-8246-1: Vim vulnerabilities
Michał Majchrowicz discovered that Vim’s zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affec
criticalCVE-2026-35177USN-8259-1: OpenEXR vulnerabilities
Quang Luong discovered that OpenEXR incorrectly handled sample count accumulation when processing deep scan line image files. An attacker could possibly use this issue to cause OpenEXR to crash, resul
criticalCVE-2026-27622USN-8248-1: NASM vulnerabilities
Daisy Chen discovered that NASM was vulnerable to a heap buffer overflow when handling certain input. An attacker could possibly use this issue to cause NASM to crash, resulting in a denial of service
criticalCVE-2023-31722USN-8236-1: Slurm vulnerabilities
It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify files or leak sensitive information. This issue only affected
criticalCVE-2023-41914USN-8233-2: nghttp2 vulnerability
USN-8233-1 fixed a vulnerability in nghttp2. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: Andrew MacPherson discovered that nghttp2 did not properly v
criticalSANS Internet Storm Center Advisory — May 4, 2026
This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have "automatic updates" enabled on your system. There will be two major changes: ]]>
critical
Track Ubuntu exposure across your environment
Vulnios automatically cross-references your asset inventory against new Ubuntu CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan