Amazon Linux 2023

Amazon Linux 2023 — python3.12-setuptools — vulnerability — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2025-1004
Related CVEs: CVE-2025-47273
Upstream summary: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present […]

Amazon Linux 2023 — perl-Mojolicious — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2025-985
Related CVEs: CVE-2024-58134 CVE-2024-58135
Upstream summary: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret […]

Amazon Linux 2023 — nvidia-fabric-manager — vulnerability — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023NVIDIA-2025-065
Related CVEs: CVE-2025-23244
Upstream summary: NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability […]

Amazon Linux 2023 — sqlite — multiple vulnerabilities (5 CVEs) — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2025-971
Related CVEs: CVE-2022-46908 CVE-2023-7104 CVE-2022-35737 CVE-2025-6965 CVE-2023-36191
Upstream summary: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions […]

Amazon Linux 2023 — kernel-livepatch-6.1.127-135.201 — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023LIVEPATCH-2025-044
Related CVEs: CVE-2025-21703 CVE-2025-21753 CVE-2025-21796
Upstream summary: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (CVE-2025-21703) […]

Amazon Linux 2023 — kernel-livepatch-6.1.128-136.201 — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023LIVEPATCH-2025-043
Related CVEs: CVE-2025-21703 CVE-2025-21753 CVE-2025-21796
Upstream summary: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (CVE-2025-21703) […]

Amazon Linux 2023 — freetype — multiple vulnerabilities (7 CVEs) — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2025-925
Related CVEs: CVE-2025-27363 CVE-2020-15999 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2026-23865 CVE-2023-2004
Upstream summary: An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph […]

Amazon Linux 2023 — jq — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2025-919
Related CVEs: CVE-2024-53427 CVE-2024-23337
Upstream summary: decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer […]

Amazon Linux 2023 — php8.3 — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2025-922
Related CVEs: CVE-2024-11235 CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861 CVE-2025-14177 CVE-2025-14178  +12 more
Upstream summary: NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 https://www.tenable.com/cve/CVE-2024-11235 Version This vulnerability is present only in PHP 8.3+. The PHP 8.2 […]

Amazon Linux 2023 — ansible-core — multiple vulnerabilities (11 CVEs) — patch and remediation guide

🟠 High  ⏱ 15–60 min  Last verified: 25 May 2026  Affected versions: Amazon Linux 2023  📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2025-893
Related CVEs: CVE-2025-27516 CVE-2024-56201 CVE-2024-56326 CVE-2024-9902 CVE-2024-8775 CVE-2024-11079 CVE-2024-22195 CVE-2024-34064  +3 more
Upstream summary: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja […]
