zabbix vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the zabbix package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2025-49643	*
M CVE-2025-49641	*
M CVE-2025-27231	*
M CVE-2025-27236	*
L CVE-2025-27233	*
H CVE-2025-27240	*
L CVE-2025-27234	<1:6.0.7+dfsg-2
M CVE-2024-45699	*
L CVE-2024-36469	*
M CVE-2024-45700	*
L CVE-2024-42325	*
L CVE-2024-36466	*
L CVE-2024-36464	*
L CVE-2024-42330	*
H CVE-2024-36463	*
L CVE-2024-22117	*
L CVE-2024-42331	*
L CVE-2024-42333	*
L Improper Encoding or Escaping of Output	*
H CVE-2024-36467	*
L CVE-2024-42327	*
H Insufficiently Protected Credentials	*
L Arbitrary Code Injection	*
C Arbitrary Command Injection	*
H Arbitrary Code Injection	*
H CVE-2024-36461	*
M Improper Preservation of Permissions	*
H CVE-2024-22120	*
M Cross-site Scripting (XSS)	*
H Improper Input Validation	*
H Reliance on Cookies without Validation and Integrity Checking	*
C Arbitrary Code Injection	*
H Improper Check for Unusual or Exceptional Conditions	*
L Arbitrary Code Injection	*
L Out-of-bounds Write	*
L Cross-site Scripting (XSS)	*
H Incorrect Permission Assignment for Critical Resource	*
C Incorrect Permission Assignment for Critical Resource	<1:5.0.0+dfsg-1
L Files or Directories Accessible to External Parties	*
L Cross-site Scripting (XSS)	*
L Cross-site Scripting (XSS)	*
L Improper Validation of Array Index	*
L Cross-site Scripting (XSS)	*
L Out-of-bounds Write	*
L Cross-site Scripting (XSS)	*
L Allocation of Resources Without Limits or Throttling	*
L Cross-site Scripting (XSS)	*
M Improper Input Validation	<1:6.0.13+dfsg-1
C Incorrect Authorization	<1:6.0.13+dfsg-1
M Cross-site Scripting (XSS)	<1:6.0.7+dfsg-2
M Cross-site Scripting (XSS)	<1:6.0.7+dfsg-2
M Cross-site Scripting (XSS)	<1:6.0.7+dfsg-2
M Cross-site Scripting (XSS)	<1:6.0.7+dfsg-2
M Cross-site Scripting (XSS)	<1:6.0.7+dfsg-2
M Cross-site Scripting (XSS)	<1:6.0.7+dfsg-2
M Cross-site Scripting (XSS)	<1:6.0.7+dfsg-2
M Improper Authentication	<1:6.0.7+dfsg-2
H Incorrect Permission Assignment for Critical Resource	<1:6.0.7+dfsg-2
M Cross-site Scripting (XSS)	<1:6.0.7+dfsg-2
H Cross-site Request Forgery (CSRF)	<1:5.0.8+dfsg-1
C CVE-2020-11800	<1:4.0.0+dfsg-1
M Cross-site Scripting (XSS)	<1:5.0.2+dfsg-1
C Improper Input Validation	<1:2.0.7+dfsg-1
H Inadequate Encryption Strength	<1:5.0.0+dfsg-1
C Authorization Bypass Through User-Controlled Key	<1:5.0.0+dfsg-1
M Information Exposure	<1:5.0.7+dfsg-1
L Open Redirect	<1:3.0.17+dfsg-1
C SQL Injection	<1:2.0.8+dfsg-2
H CVE-2017-2825	<1:3.0.7+dfsg-3
L Information Exposure	<1:4.0.0+dfsg-1
C XML External Entity (XXE) Injection	<1:2.2.5+dfsg-1
H OS Command Injection	<1:3.0.7+dfsg-3
C SQL Injection	<1:3.0.4+dfsg-1
H SQL Injection	<1:3.0.3+dfsg-1
H SQL Injection	<1:2.2.7+dfsg-2
M CVE-2014-1685	<1:2.2.2+dfsg-1
M Improper Authentication	<1:2.2.2+dfsg-1
M Cryptographic Issues	<1:2.0.7+dfsg-1
L Arbitrary Code Injection	<1:2.2.0+dfsg-6
M Improper Authentication	<1:2.0.4+dfsg-2
L Access Restriction Bypass	<1:2.2.2+dfsg-1
H SQL Injection	<1:2.0.2+dfsg-1
M Cross-site Scripting (XSS)	<1:1.8.10-1
M Cross-site Scripting (XSS)	<1:1.8.10-1
H SQL Injection	<1:1.8.9-1
H SQL Injection	<1:1.8.2-1
L Information Exposure	<1:1.8.6-1
M Cross-site Scripting (XSS)	<1:1.8.6-1
M Resource Management Errors	<1:1.8.6-1
M Information Exposure	<1:1.8.9-1
M Cross-site Scripting (XSS)	<1:1.8.3-1
H SQL Injection	<1:1.8.2-1
M OS Command Injection	<1:1.8-1
H SQL Injection	<1:1.8-1
H Access Restriction Bypass	<1:1.8-1
M Out-of-Bounds	<1:1.8-1
M Out-of-Bounds	<1:1.8-1
L CVE-2008-1353	<1:1.4.5-1
M Configuration	<1:1.4.2-4
C CVE-2007-0640	<1:1.1.4-8
M CVE-2006-6693	<1:1.1.2-4
M CVE-2006-6692	<1:1.1.2-4

Vulnerability

Vulnerable Version

CVE-2025-49643