Gentoo Portage
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Gentoo Portage.
By the Year
In 2025 there have been 0 vulnerabilities in Gentoo Portage. Last year, in 2024 Portage had 1 security vulnerability published. Right now, Portage is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 1 | 9.80 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 5.50 |
It may take a day or so for new Portage vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gentoo Portage Security Vulnerabilities
Gentoo Portage<3.0.47: emerge-webrsync Missing PGP Validation
CVE-2016-20021
9.8 - Critical
- January 12, 2024
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
Improper Verification of Cryptographic Signature
Gentoo Portage through 2.3.84
CVE-2019-20384
5.5 - Medium
- January 21, 2020
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
Improper Preservation of Permissions
Portage before 2.0.50-r3
CVE-2004-1901
5.5 - Medium
- December 31, 2004
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
insecure temporary file
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Gentoo Portage or by Gentoo? Click the Watch button to subscribe.
