Gnome Shell
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Gnome Shell.
By the Year
In 2026 there have been 0 vulnerabilities in Gnome Shell. Gnome Shell did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 1 | 5.50 |
| 2022 | 2 | 5.50 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 0.00 |
| 2019 | 1 | 4.30 |
It may take a day or so for new Gnome Shell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gnome Shell Security Vulnerabilities
GNOME Shell 45.7 autorun unsafe JavaScript via portal helper
CVE-2024-36472
- May 28, 2024
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.
GNOME Shell: Local User Scrapes Locked Session Screenshots
CVE-2023-43090
5.5 - Medium
- September 22, 2023
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue
CVE-2021-3982
5.5 - Medium
- April 29, 2022
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.
Improper Check for Dropped Privileges
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8
CVE-2021-20315
- February 18, 2022
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.
Improper Locking
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4
CVE-2020-17489
- August 11, 2020
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions
CVE-2019-3820
4.3 - Medium
- February 06, 2019
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Gnome Shell or by GNOME? Click the Watch button to subscribe.
