emacs-filesystem (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package emacs-filesystem, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2022-48337 — CVSS 9.8 (critical): GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because…
CVE-2024-39331 — CVSS 9.8 (critical): In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as…
CVE-2025-1244 — CVSS 8.8 (high): A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell…
CVE-2023-28617 — CVSS 7.8 (high): org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file…
CVE-2024-53920 — CVSS 7.8 (high): In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs…
CVE-2023-2491 — CVSS 7.8 (high): A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in…
CVE-2022-48339 — CVSS 7.8 (high): An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command…
CVE-2022-45939 — CVSS 7.8 (high): GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because…
CVE-2022-48338 — CVSS 7.3 (high): An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection…