Every CVE whose affected-product data names Tukaani Xz, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-3094 — CVSS 10.0 (critical): Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the…
CVE-2022-1271 — CVSS 8.8 (high): An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for…
CVE-2015-4035 — CVSS 7.8 (high): scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows…
CVE-2020-22916 — CVSS 5.5 (medium): An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor…
CVE-2026-34743 — CVSS 5.3 (medium): XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was…