CVE coverage
AlmaLinux 9 CVE tracker
Noxen pulls AlmaLinux 9 CVE data from the same upstream sources Red Hat publishes against (RHEL 9 binary-compatible). NVD provides the upstream advisory; OSV's Red Hat ecosystem feed provides the rpm-level fix versions. The AlmaLinux project also publishes its own errata, which we cross-reference.
Live
Headline numbers
- Total CVE records (all distros)Loading…
- Last buildLoading…
- OSV records (RH ecosystem + others)Loading…
- NVD records (cross-platform)Loading…
How matching works
What Noxen does for an AlmaLinux 9 host
- Reads
/etc/os-releaseto confirm AlmaLinux 9 (RHEL 9 binary-compatible). - Reads
rpm -qafor installed packages, including epoch and release. - Filters the local feed cache to OSV records tagged with ecosystem
AlmaLinux:9 / Red Hat:9, plus NVD records whose CPE matches the installed packages. - Compares installed vs fix versions using rpm version semantics (epoch:version-release).
- Emits findings only where the installed version is strictly older than the fix.
Live listings
Top recent critical CVEs (Red Hat ecosystem (RHEL / Rocky / AlmaLinux))
Most-recently-published critical CVEs in the Red Hat ecosystem (RHEL / Rocky / AlmaLinux). Auto-deduped to one row per CVE ID. Snapshot baked at ; live re-fetch on page load.
| CVE | Sev. | CVSS | Summary | Package | Fix in | Published |
|---|---|---|---|---|---|---|
| RLSA-2026:22963 | critical | 9.0 | Critical: samba security update | samba | 0:4.23.5-109.el10_2 | |
| RLSA-2026:22714 | critical | 9.1 | Important: osbuild-composer security update | osbuild-composer | 0:165.1-2.el9_8.rocky.0.1 | |
| RLSA-2026:22644 | critical | 9.0 | Important: samba security update | samba | 0:4.19.4-16.el8_10 | |
| RLSA-2026:22450 | critical | 9.1 | Important: osbuild-composer security update | osbuild-composer | 0:165.1-2.el10_2.rocky.0.1 | |
| RLSA-2026:22937 | critical | 9.1 | Important: image-builder security update | image-builder | 0:52.1-1.el10_2.rocky.0.1 | |
| RLSA-2026:23228 | critical | 9.1 | Important: image-builder security update | image-builder | 0:52.1-1.el9_8 | |
| RLSA-2026:21755 | critical | 9.0 | Important: flatpak security update | flatpak | 0:1.12.9-4.el9_8.1 | |
| RLSA-2026:20606 | critical | 9.1 | Important: ruby4.0 security update | ruby4.0 | 0:4.0.3-34.el10_2 |
Top recent high-severity CVEs (Red Hat ecosystem (RHEL / Rocky / AlmaLinux))
| CVE | Sev. | CVSS | Summary | Package | Fix in | Published |
|---|---|---|---|---|---|---|
| RLSA-2026:25120 | high | 8.8 | Critical: kernel-rt security update | kernel-rt | 0:4.18.0-553.132.1.rt7.473.el8_10 | |
| RLSA-2026:25121 | high | 8.8 | Critical: kernel security update | kernel | 0:4.18.0-553.132.1.el8_10 | |
| RLSA-2026:24984 | high | 7.8 | Important: poppler security update | poppler | 0:20.11.0-14.el8_10 | |
| RLSA-2026:25110 | high | 7.5 | Important: .NET 8.0 security update | dotnet8.0 | 0:8.0.128-1.el8_10 | |
| RLSA-2026:25113 | high | 7.5 | Important: .NET 9.0 security update | dotnet9.0 | 0:9.0.118-1.el8_10 | |
| RLSA-2026:25114 | high | 7.5 | Important: .NET 10.0 security update | dotnet10.0 | 0:10.0.109-1.el8_10 | |
| RLSA-2026:24331 | high | 8.2 | Important: cockpit-image-builder security update | cockpit-image-builder | 0:94.3-1.el10_2 | |
| RLSA-2026:24716 | high | 7.8 | Important: yggdrasil security update | yggdrasil | 0:0.4.9-5.el10_2 |
Notable
Recent CVEs that AlmaLinux 9 homelabs care about.
- CVE-2024-6387 (regreSSHion) — OpenSSH signal-handler race producing pre-auth RCE.. Red Hat advisory · Noxen deep-dive.
- CVE-2024-1086 (nf_tables UAF) — Linux kernel privilege-escalation, observed in the wild.. Red Hat advisory.
- CVE-2024-3094 (xz backdoor) — Supply-chain backdoor in xz-utils 5.6.0 / 5.6.1.. Red Hat advisory · Noxen deep-dive.
FAQ
Frequently asked about AlmaLinux 9 CVEs
How is AlmaLinux 9 different from RHEL 9 for CVE tracking?
Functionally, very little. AlmaLinux 9 is binary-compatible with RHEL 9 and rebuilds Red Hat's source packages on the same release cadence, so a fix landing in RHEL 9 lands in AlmaLinux 9 within days. Noxen matches against the Red Hat ecosystem feed plus AlmaLinux errata to pick up both channels.
How do I check AlmaLinux 9 CVEs on a host?
For a quick check: dnf updateinfo list security. For per-CVE detail with fix versions, Noxen reads rpm package state over SSH and matches against the live ecosystem feed using rpm version semantics (epoch:version-release).
Is AlmaLinux 9 still supported in 2026?
Yes — the AlmaLinux 9 lifecycle tracks RHEL 9 (active maintenance phase through May 2032). Major and minor security errata continue throughout this window.
Will Noxen flag a CVE that AlmaLinux 9 has already backported a fix for?
No. Red Hat-family distros backport security fixes without changing the upstream version number — the fix shows up as a higher release field (the part after the dash in epoch:version-release). Noxen compares the installed epoch:version-release against the fixed package version using rpm version semantics, so a host that has applied the backported errata is correctly shown as patched rather than as a false positive.
Which AlmaLinux 9 CVEs should I patch first?
Severity alone is a poor sort key. Noxen ranks findings by exposure first — a high-severity CVE in a package behind an internet-facing service outranks a critical one in a library nothing reaches — then by CVSS and EPSS. The EPSS prioritisation guide walks through the reasoning.
Scan an AlmaLinux 9 fleet with Noxen
Add your AlmaLinux 9 hosts via your existing
~/.ssh/config; Noxen reads rpm package state and
matches against the live signed feed. No agent, no SaaS round-trip.
$79 one-time.