Known Vulnerabilities for products from Flatpak
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Flatpak".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-48831 json | Not Provided | 2026-05-24 | 2026-05-26 | |
| CVE-2026-41525 json | Not Provided | 2026-04-28 | 2026-05-19 | |
| CVE-2026-40354 json | Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host contex... | Not Provided | 2026-04-11 | 2026-04-27 |
| CVE-2026-39977 json | flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an ... | Not Provided | 2026-04-09 | 2026-04-16 |
| CVE-2026-34080 json | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eav... | Not Provided | 2026-04-07 | 2026-04-21 |
| CVE-2026-34079 json | Not Provided | 2026-04-07 | 2026-04-10 | |
| CVE-2026-34078 json | Not Provided | 2026-04-07 | 2026-04-11 | |
| CVE-2026-2604 json | Not Provided | 2026-06-17 | 2026-06-17 | |
| CVE-2023-28101 json | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.1... | 4.3 - MEDIUM | 2023-03-16 | 2023-12-23 |
| CVE-2023-28100 json | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8... | 6.5 - MEDIUM | 2023-03-16 | 2023-12-23 |
| CVE-2022-21682 json | Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flat... | 6.5 - MEDIUM | 2022-01-13 | 2023-12-23 |
| CVE-2021-43860 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.6 - HIGH | 2022-01-12 | 2023-12-23 |
| CVE-2021-41133 json | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.1... | 7.8 - HIGH | 2021-10-08 | 2023-12-23 |
| CVE-2021-21381 json | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since versio... | 8.2 - HIGH | 2021-03-11 | 2023-12-23 |
| CVE-2021-21261 json | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in ... | 8.8 - HIGH | 2021-01-14 | 2021-01-27 |
| CVE-2019-10063 json | Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.... | 9 - CRITICAL | 2019-03-26 | 2019-05-13 |
| CVE-2019-8308 json | Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attacke... | 8.2 - HIGH | 2019-02-12 | 2020-08-24 |
| CVE-2018-6560 json | In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host... | 8.8 - HIGH | 2018-02-02 | 2019-10-03 |
| CVE-2017-9780 json | In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate perm... | 7.8 - HIGH | 2017-06-21 | 2019-10-03 |
Known software with vulnerabilities from Flatpak
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Flatpak | Flatpak | 0.1 |