Linux CVE tracker — the feed Noxen scans against

Sources

Where the data comes from

The feed is a unioned, deduped index across the upstream sources listed below. Each row's count is from the latest build.

Trust

How you can verify what's served

Every snapshot is signed with Ed25519. The Mac app verifies the manifest's signature against a bundled public key before importing any record. Sources are mirrored, not interpreted — Noxen never re-scores or fabricates CVE data.

• Public key 6GP2QJveFk90XWEdWn86AXY5h7CjnrV1LnfhjdlCgO8=
• Manifest URL feed.noxen.app/manifest.json
• Signing algorithm Ed25519 over canonicalised JSON (sorted keys at every level)
• Snapshot format Gzipped NDJSON (one JSON record per line, LF-delimited)

Live listings

Top recent critical CVEs

The most-recently-published critical-severity CVEs in the feed, deduped to one row per CVE ID, newest first. Refreshed when the feed itself rebuilds.

Top recent high-severity CVEs

Same shape as the critical list, one severity bucket down. High-CVSS findings still demand attention but typically allow a normal patch-cycle response.

Want to know what an attacker would chain? Read our plain-English glossary of CVE/CVSS/CWE/CPE for the vocabulary that makes these listings useful.

Quick reference

Featured CVE reference cards

Per-CVE pages with affected versions, fix paths, scan commands, and links to the deep-dive blog post for the CVEs most relevant to homelabs.

• Dirty Frag — CVE-2026-43284 / CVE-2026-43500Linux kernel LPE via shared paged skb frags (xfrm + rxrpc) — public PoC →
• CVE-2024-47176 — CUPS cups-browsedUnauthenticated RCE chain via mDNS printer discovery (4-CVE chain) →
• CVE-2024-23897 — Jenkins CLIArbitrary file read → RCE via @file arg expansion (KEV) →
• CVE-2024-9264 — Grafana SQL ExpressionsAuthenticated Viewer-role RCE via DuckDB system() exposure →
• CVE-2024-21626 — runc "Leaky Vessels"Container breakout via internal fd handle leak (Docker, LXC, Proxmox) →
• CVE-2024-4577 — PHP-CGI argument injectionPre-auth RCE via Best-Fit encoding bypass (KEV, Akira weaponised) →
• CVE-2024-6387 — regreSSHionOpenSSH pre-auth RCE — fix versions and scan check →
• CVE-2024-3661 — TunnelVisionDHCP option 121 abuse leaks VPN traffic to the LAN →
• CVE-2024-3094 — xz/liblzma backdoorSupply-chain backdoor in xz-utils 5.6.0/5.6.1 →
• CVE-2024-1086 — nf_tables UAF (LPE)Linux kernel use-after-free, KEV-listed — the stage-2 multiplier →
• CVE-2023-4863 — libwebp heap overflowBundled-library RCE in Chromium / Electron / Plex / HA →
• CVE-2022-3602 — OpenSSL X.509 (4-byte)OpenSSL 3.0 punycode buffer overflow →
• CVE-2022-3786 — OpenSSL X.509 (1-byte)Companion OpenSSL 3.0 overflow →

By distribution

What Noxen tracks per distro

Per-ecosystem dashboards with the same headline numbers, framed for each distro.

• Ubuntu 24.04 LTSCVE coverage for Ubuntu 24.04 →
• Ubuntu 22.04 LTSCVE coverage for Ubuntu 22.04 →
• Ubuntu 20.04 LTSCVE coverage for Ubuntu 20.04 (ESM-aware) →
• Debian 13 TrixieCVE coverage for Debian 13 →
• Debian 12 BookwormCVE coverage for Debian 12 →
• Debian 11 BullseyeCVE coverage for Debian 11 (LTS) →
• AlmaLinux 9CVE coverage for AlmaLinux 9 →
• AlmaLinux 8CVE coverage for AlmaLinux 8 →
• Rocky Linux 9CVE coverage for Rocky 9 →
• Rocky Linux 8CVE coverage for Rocky 8 →

Want to scan your fleet?

Noxen matches this feed against your installed package versions over SSH. Mac-native. Agentless. $79 one-time.