1
I Use This!
Very High Activity
Analyzed 1 day ago. based on code collected 2 days ago.
 

Security

Vulnerabilities per Version

Learn more about BDSAs
 
 

Major Versions

1yr
3yr
5yr
10yr
All
click and drag to zoom
 
 
Security Vulnerabilities for Version:
Severities:
Type
Identifier Related Record Severity Date Published Description Versions Affected
CVE-2026-9640 High Jun 26, 2026 A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project- more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0
CVE-2026-9639 Medium Jun 26, 2026 Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0
CVE-2026-34179 Critical Apr 09, 2026 In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/ more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0
CVE-2026-34178 Critical Apr 09, 2026 In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates th more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0
CVE-2026-34177 Critical Apr 09, 2026 Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0
CVE-2026-28385 Medium Jun 26, 2026 In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated u more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0
CVE-2025-54293 BDSA-2025-13058 Medium Oct 02, 2025 Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on th more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0
CVE-2025-54292 Medium Oct 02, 2025 Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify uninte more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0
CVE-2025-54291 BDSA-2025-13053 Medium Oct 02, 2025 Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine proje more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0
CVE-2025-54290 BDSA-2025-13052 Medium Oct 02, 2025 Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence with more...
v5.21.0, 5.0.2, 5.0.1, 5.0.0