本頁列出影響 gnu emacs 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-6861 | A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure. | [email protected] | 6.1 | 0.11% | 2026-04-22 | 2026-05-06 |
| CVE-2024-53920 | In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) | [email protected] | 7.8 | 0.51% | 2024-11-27 | 2025-11-03 |
| CVE-2024-39331 | In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. | [email protected] | 9.8 | 1.32% | 2024-06-23 | 2025-04-30 |
| CVE-2024-30205 | In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. | [email protected] | 7.1 | 0.49% | 2024-03-25 | 2025-05-01 |
| CVE-2024-30204 | In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. | [email protected] | 2.8 | 0.47% | 2024-03-25 | 2025-05-01 |
| CVE-2024-30203 | In Emacs before 29.3, Gnus treats inline MIME contents as trusted. | [email protected] | 5.5 | 0.58% | 2024-03-25 | 2025-05-01 |
| CVE-2024-30202 | In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. | [email protected] | 7.8 | 1.11% | 2024-03-25 | 2025-05-01 |
| CVE-2023-2491 | A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | [email protected] | 7.8 | 0.46% | 2023-05-17 | 2025-01-22 |
| CVE-2023-27986 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. | [email protected] | 7.8 | 0.47% | 2023-03-09 | 2025-03-05 |
| CVE-2023-27985 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90 | [email protected] | 7.8 | 1.12% | 2023-03-09 | 2025-03-05 |
| CVE-2022-48339 | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | [email protected] | 7.8 | 1.19% | 2023-02-20 | 2025-03-18 |
| CVE-2022-48338 | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | [email protected] | 7.3 | 1.70% | 2023-02-20 | 2025-03-18 |
| CVE-2022-48337 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | [email protected] | 9.8 | 1.60% | 2023-02-20 | 2025-03-18 |
| CVE-2022-45939 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | [email protected] | 7.8 | 0.64% | 2022-11-28 | 2025-04-28 |
| CVE-2017-1000383 | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. | [email protected] | 5.5 | 0.41% | 2017-10-31 | 2026-05-13 |
| CVE-2017-14482 | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). | [email protected] | 8.8 | 4.04% | 2017-09-14 | 2026-05-13 |
| CVE-2014-9483 | Emacs 24.4 allows remote attackers to bypass security restrictions. | [email protected] | 7.5 | 2.80% | 2017-08-28 | 2026-05-13 |
| CVE-2014-3424 | lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | [email protected] | 3.3 | 0.35% | 2014-05-08 | 2026-05-06 |
| CVE-2014-3423 | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | [email protected] | 3.3 | 0.34% | 2014-05-08 | 2026-05-06 |
| CVE-2014-3422 | lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | [email protected] | 3.3 | 0.35% | 2014-05-08 | 2026-05-06 |