Linux Kernel CVE Statistics
All-time vulnerability data, 1997–present · Updated daily from NIST NVD
The Linux kernel has accumulated 15,984 CVEs since 1997, making it one of the most extensively tracked software components in the NIST National Vulnerability Database. Of these, 250 are rated Critical, 4,500 High, and 26 have been confirmed as actively exploited via the CISA Known Exploited Vulnerabilities catalog. CVE volume has grown sharply — 2025 alone accounted for 5,708 vulnerabilities, representing 36% of all Linux kernel CVEs ever published.
Linux Kernel CVE Trends by Year
1997–2026 · stacked by severity
Linux kernel CVE volume increased dramatically from 2024 onward. 2025 saw 5,708 CVEs — the highest single-year total ever recorded for the Linux kernel. The 2024–2026 period accounts for the majority of all CVEs ever recorded for the Linux kernel, driven by increased security research and reporting.
Monthly Trend — 2026
CVEs published by month, 2026
Severity Breakdown — All Time
Distribution across 15,984 CVEs since 1997
Medium severity CVEs dominate at 56%, followed by High at 28%. Critical CVEs account for only 2% but represent the highest-risk vulnerabilities requiring immediate attention.
Notable observations
-
Record CVE volume in recent years
2025 was the highest-ever year for Linux kernel CVEs, with 5,708 published. The Linux kernel has averaged 533 CVEs/year since 1997, but the 2024–2026 average is significantly higher, driven by increased security research and automated vulnerability discovery.
-
Critical severity concentration
Despite record CVE volumes, Critical severity CVEs remain a small fraction of total — 250 of 15,984 total (2%). Of these, 26 are confirmed actively exploited via CISA KEV, representing the highest-priority patching targets.
-
Why CVE counts vary year to year
CVE count changes reflect both real security trends and shifts in reporting practices. The Linux kernel security team has increased systematic CVE assignment for bug fixes since 2023, which explains much of the volume increase — not necessarily more vulnerabilities, but more comprehensive tracking of existing fixes.
Year-by-Year Breakdown
CVE counts by severity, 1997–2026
| Year | Total | Critical | High | Medium | Low | Share of all-time |
|---|---|---|---|---|---|---|
| 2026 | 2117 | 74 | 665 | 913 | 4 |
13%
|
| 2025 | 5708 | 1 | 1103 | 3249 | 12 |
36%
|
| 2024 | 4382 | 20 | 1166 | 3159 | 37 |
27%
|
| 2023 | 293 | 7 | 134 | 147 | 3 |
2%
|
| 2022 | 318 | 2 | 142 | 166 | 8 |
2%
|
| 2021 | 175 | 1 | 85 | 83 | 6 |
1%
|
| 2020 | 132 | 0 | 42 | 87 | 3 |
1%
|
| 2019 | 305 | 24 | 113 | 156 | 12 |
2%
|
| 2018 | 456 | 15 | 296 | 142 | 3 |
3%
|
| 2017 | 555 | 94 | 327 | 129 | 5 |
3%
|
| 2016 | 223 | 9 | 105 | 108 | 1 |
1%
|
| 2015 | 86 | 1 | 20 | 48 | 17 |
1%
|
| 2014 | 140 | 0 | 35 | 87 | 18 |
1%
|
| 2013 | 200 | 1 | 21 | 132 | 46 |
1%
|
| 2012 | 114 | 1 | 23 | 68 | 22 |
1%
|
| 2011 | 84 | 0 | 22 | 44 | 18 |
1%
|
| 2010 | 127 | 0 | 40 | 51 | 36 |
1%
|
| 2009 | 106 | 0 | 41 | 56 | 9 |
1%
|
| 2008 | 80 | 0 | 32 | 38 | 10 |
1%
|
| 2007 | 75 | 0 | 16 | 39 | 19 |
0%
|
| 2006 | 83 | 0 | 21 | 41 | 21 |
1%
|
| 2005 | 118 | 0 | 22 | 43 | 53 |
1%
|
| 2004 | 41 | 0 | 12 | 12 | 17 |
0%
|
| 2003 | 18 | 0 | 6 | 8 | 4 |
0%
|
| 2002 | 15 | 0 | 3 | 3 | 9 |
0%
|
| 2001 | 20 | 0 | 2 | 5 | 13 |
0%
|
| 2000 | 6 | 0 | 3 | 1 | 2 |
0%
|
| 1999 | 4 | 0 | 2 | 2 | 0 |
0%
|
| 1998 | 2 | 0 | 1 | 0 | 1 |
0%
|
| 1997 | 1 | 0 | 0 | 1 | 0 |
0%
|