Packagekit Project Packagekit — known CVE vulnerabilities
Every CVE whose affected-product data names Packagekit Project Packagekit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2026-41651 — CVSS 8.8 (high): PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture…
CVE-2020-16122 — CVSS 8.2 (high): PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the…
CVE-2018-1106 — CVSS 5.5 (medium): An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install…
CVE-2011-2515 — CVSS 5.3 (medium): PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted…
CVE-2020-16121 — CVSS 3.3 (low): PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that…
CVE-2022-0987 — CVSS 3.3 (low): A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a…
CVE-2024-0217 — CVSS 3.3 (low): A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As…
CVE-2013-1764 — CVSS 2.1 (low): The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.