CVE coverage

Ubuntu 22.04 LTS CVE tracker

Noxen pulls Ubuntu 22.04 CVE data from OSV.dev's Ubuntu ecosystem feed, the same source Canonical itself publishes through its security tracker. Records are deduplicated against NVD/VulnCheck and shipped daily in a signed snapshot. Pro/ESM-tagged fixes are kept distinct, so you can see whether a patch requires a paid subscription before clicking through.

How matching works

What Noxen does for an Ubuntu 22.04 host

  1. Reads /etc/os-release over SSH to confirm the host is on Ubuntu 22.04.
  2. Reads the dpkg package list — every binary package, plus its corresponding source package via dpkg-query --showformat='${Source}'.
  3. Filters the local feed cache to OSV records tagged with ecosystem Ubuntu:22.04:LTS.
  4. For each record, compares your installed version against the OSV-published fix version using the Debian/Ubuntu version-comparison rules (epoch, upstream, debian-revision).
  5. Emits a finding only when the installed version is older than the fix. Where Ubuntu Pro / ESM-only fixes apply, they are flagged separately.

Live listings

Top recent critical CVEs (Ubuntu 22.04 / Ubuntu ecosystem)

Most-recently-published critical CVEs in the Ubuntu 22.04 / Ubuntu ecosystem. Auto-deduped to one row per CVE ID. Snapshot baked at ; live re-fetch on page load.

| CVE | Sev. | CVSS | Summary | Package | Fix in | Published |
| UBUNTU-CVE-2024-40896 | critical | 9.1 | In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE att | libxml2 | 2.12.7+dfsg-3ubuntu0.1 | |
| UBUNTU-CVE-2024-9486 | critical | 9.8 | A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default c | kubernetes | | |
| UBUNTU-CVE-2024-6385 | critical | 9.8 | An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user u | gitlab | | |
| UBUNTU-CVE-2024-38998 | critical | 9.8 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | requirejs | | |
| UBUNTU-CVE-2024-35325 | critical | 9.8 | A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. | libyaml | | |
| UBUNTU-CVE-2024-35326 | critical | 9.8 | libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. | libyaml | | |
| UBUNTU-CVE-2024-35863 | critical | | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. | linux-hwe-edge | | |
| UBUNTU-CVE-2024-3094 | critical | | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source | xz-utils | 5.2.4-1ubuntu1.1 | |

Top recent high-severity CVEs (Ubuntu 22.04 / Ubuntu ecosystem)

| CVE | Sev. | CVSS | Summary | Package | Fix in | Published |
| UBUNTU-CVE-2026-47331 | high | | Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary co | linux-hwe-edge | | |
| UBUNTU-CVE-2026-47333 | high | | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by a | linux-hwe-edge | | |
| UBUNTU-CVE-2026-46300 | high | | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @ | linux-hwe-edge | | |
| UBUNTU-CVE-2026-29518 | high | | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symb | rsync | 3.1.0-2ubuntu0.4+esm3 | |
| UBUNTU-CVE-2026-33278 | high | | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwrit | unbound | 1.19.2-1ubuntu3.8 | |
| UBUNTU-CVE-2026-43618 | high | | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver p | rsync | 3.1.0-2ubuntu0.4+esm3 | |
| UBUNTU-CVE-2026-46333 | high | | In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core d | linux-hwe-edge | | |
| UBUNTU-CVE-2026-42945 | high | | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expressi | nginx | 1.4.6-1ubuntu3.9+esm6 | |

New to severity terminology? CVE, CVSS, CWE, CPE explained.

Notable

Recent CVEs Ubuntu 22.04 operators should know.

FAQ

Frequently asked about Ubuntu 22.04 CVEs

How many CVEs affect Ubuntu 22.04 LTS?

Ubuntu 22.04 LTS (Jammy) sits inside the 2-million+ record Ubuntu ecosystem feed Noxen consumes (OSV.dev + NVD). The 22.04 subset is filtered by ecosystem tag (Ubuntu:22.04:LTS) and rebuilt daily; live counts are at the top of this page.

How do I check Ubuntu 22.04 CVEs on a running host?

For the immediate count: apt list --upgradable 2>/dev/null | grep -ci security. For a per-CVE breakdown with fix versions, Noxen reads dpkg over SSH and matches installed source-package versions against the OSV Ubuntu:22.04:LTS ecosystem feed. No agent on the target.

Is Ubuntu 22.04 still supported in 2026?

Yes. Ubuntu 22.04 LTS receives standard security updates from Canonical until April 2027 (the 5-year LTS window). Ubuntu Pro / ESM extends paid coverage through April 2032; extended-window CVE fixes appear in the feed tagged Ubuntu:Pro:22.04:LTS. Many homelab and small-fleet operators are still on 22.04 because the 24.04 upgrade hasn't pulled them yet.

What's different between Ubuntu 22.04 and 24.04 CVE coverage?

The data source is the same (OSV.dev's Ubuntu ecosystem feed); the difference is the package versions and what has been backported. A CVE patched upstream in OpenSSH 9.8 gets a 22.04 backport into openssh-server 1:8.9p1-3ubuntu0.10+esm2 (the +esm2 suffix indicates the Pro/ESM channel) and a separate 24.04 backport into 1:9.6p1-3ubuntu13.3. Noxen matches against the correct per-release fix version automatically.

Does Noxen need Ubuntu Pro to scan 22.04 hosts?

No. The CVE feed Noxen consumes is publicly available regardless of Pro. What Pro provides is access to the actual fix packages (via Canonical's ESM channels). Noxen will tell you the host needs Pro to install the patched version when the only available fix is ESM-gated; the scan itself doesn't require a subscription.

Scan an Ubuntu 22.04 fleet with Noxen

Add your Ubuntu 22.04 hosts via your existing ~/.ssh/config; Noxen reads dpkg state and matches against the live signed feed. No agent, no SaaS round-trip. $79 one-time.
