Amazon Linux 2

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2022-1794 Related CVEs: CVE-2022-29599 Upstream summary: org.apache.maven.shared:maven-shared-utils is a functional replacement for plexus-utils in Maven. Affected versions of this package are vulnerable to Command Injection. The Commandline class can emit […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2022-1764 Related CVEs: CVE-2022-25235 CVE-2022-25236 CVE-2024-45490 CVE-2022-43680 CVE-2022-40674 CVE-2022-25315 CVE-2026-25210 CVE-2024-50602  +12 more Upstream summary: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2022-1746 Related CVEs: CVE-2016-2124 CVE-2020-25717 CVE-2021-44142 CVE-2020-14318 CVE-2020-14323 CVE-2020-1472 CVE-2022-38023 CVE-2022-32744  +12 more Upstream summary: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) Table of contents […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2021-1731 Related CVEs: CVE-2021-44228 CVE-2021-45046 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214  +12 more Upstream summary: No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2CORRETTO8-2021-001 Related CVEs: CVE-2021-44228 CVE-2021-45046 CVE-2026-22007 CVE-2026-22016 CVE-2026-21925 CVE-2026-21932 CVE-2026-21933 CVE-2026-21945  +12 more Upstream summary: No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2021-1731 Related CVEs: CVE-2021-44228 CVE-2021-45046 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183  +12 more Upstream summary: No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2021-1731 Related CVEs: CVE-2021-44228 CVE-2021-45046 CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-34268  +12 more Upstream summary: No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2JAVA-OPENJDK11-2021-001 Related CVEs: CVE-2021-44228 CVE-2021-45046 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756  +12 more Upstream summary: No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2021-1731 Related CVEs: CVE-2021-44228 CVE-2021-45046 CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-34268  +12 more Upstream summary: No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2021-1730 Related CVEs: CVE-2021-44228 CVE-2021-45046 CVE-2022-42004 CVE-2025-49128 CVE-2021-44832 CVE-2021-45105 Upstream summary: Amazon Kinesis Agent versions within Amazon Linux 2 (AL2) prior to aws-kinesis-agent-2.0.4-1 included a version of Apache Log4j affected […]