Contribute

vuln.fail is community-driven. If you've heard of a newly disclosed Linux vulnerability, open a pull request on Codeberg.

Adding a new vulnerability

Create a file at content/issues/vulnerability-name.md.

Required fields

+++
title = "Name of the vulnerability"
date = 2026-01-01 # public disclosure date
description = "1-2 sentence summary shown in listings, the feed and if the issue doesn't have a detailed description."
+++

Optional fields

authors = ["your-codeberg-username"] # credited in the Credits section

[extra]
cves = ["CVE-YYYY-NNNNN"] # list, can be omitted if none are assigned yet
cvss = 7.8                # CVSS score, omit if not yet assigned
site = "https://..."      # PoC repo, special site like https://copy.fail or writeup

[extra.discovered]
name = "John Doe"
url = "https://..." # optional

[extra.introduced]
commit = "72548b093ee38a6d4f2a19e6ef1948ae05c181f7" # always use the full commit hash
version = "5.10"

[extra.fixed]
commit = "abc123def456"
mainline = "6.19"
stable = ["6.18.1", "6.12.5"]

# shell snippet to check if affected
[extra.check]
code = "uname -r"
note = "Optional note about the output"

[[extra.timeline]]
date = "2026-01-01"
text = "Event description, supports `inline markdown`"
sources = ["key"] # references [[extra.sources]] by key

[[extra.sources]]
key = "fix"
url = "https://git.kernel.org/..."

[[extra.mitigation]]
title = "Optional step title"
text = "Description of the mitigation step."
code = "optional shell snippet"