| Ventoy | |
|---|---|
| Ventoy 1.0.54 | |
| Developer | Hailong Sun (aka longpanda) |
| Release | 5 April 2020 |
| Stable release | 1.1.16[1] |
| Operating system | Cross-platform (Windows, Linux) |
| License | GPLv3+ License (partial) |
| Website | www |
| Repository | |
Ventoy is a partially open-source[2][3] utility used for creating bootable USB media storage devices with files such as .iso, .wim, .img, .vhd(x), and .efi. Once Ventoy is installed on a USB drive, new installation files can be added without reformatting.[4][5][6] Ventoy presents the user with a boot menu to select one of the installation files held on the USB drive.
Features
Ventoy can be installed on a USB flash drive, local disk, solid-state drive (SSD, NVMe), or SD card, and boots directly from the selected .iso, .wim, .img, .vhd(x), or .efi file(s) added to it. Ventoy does not extract the image file(s) to the USB drive, but uses them directly, as it can unzip during installation. Multiple ISO images can be placed on a single device, and the image to boot is selected from the menu displayed just after Ventoy boots.
MBR and GPT partition styles, x86 Legacy BIOS and various UEFI boot methods (including persistence) are supported. ISO files larger than 4 GB can be used. Ventoy supports various operating system boot and installation ISO files, including Windows 7 and later, Debian, Ubuntu, CentOS, Red Hat Enterprise Linux (RHEL), Fedora and more than a hundred other Linux distributions; various Unix releases, VMware, Citrix XenServer, etc. have also been tested.[7] Ventoy isn't recommended on the openSUSE wiki due to reports of boot issues.[8]
Binary blob controversy
Ventoy claims[9] to be open-source software and is hosted in an open-source GitHub repository.[10] However, concerns have been repeatedly raised in various computing-related blogs[11][12][13][14][15][16] and forums[17][18][19][20][21][22][23][24][25][26] that the source code tree contains a large number of pre-compiled blobs (binary executable files) of unknown origin, which makes it difficult or impossible to audit the content of the software and verify that no malicious payloads (e.g. backdoors) are being delivered. Additional concerns were raised in the same blogs and forums that the software appears to originate from China, that the software author has not responded to the concerns over the blobs for several years, that the identity of the author cannot be exactly established, and that distribution of blobs without the corresponding source code could be a violation of the GPLv3+ license the software claims to adhere to. Parallels have been drawn to recent vulnerabilities discovered in XZ Utils software.[21] As of 7 May 2025, the author of the project has responded[18] to the concerns over the blobs. Critics, however, point out that the response was limited to merely listing all the blobs along with build instructions, which other open source community members found very convoluted and difficult to reproduce.[12][22]
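As an added illustration (not code from Ventoy or from any of the cited sources), the audit problem described above starts with an inventory: find every pre-compiled or opaque binary file in a source checkout and record its SHA-256 so it can later be compared with an independently rebuilt copy. The signature list is a small, non-exhaustive assumption, and the file names in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Magic-byte prefixes for common pre-compiled formats (assumed, not exhaustive).
MAGIC = [(b"\x7fELF", "ELF"), (b"MZ", "PE/DOS"), (b"!<arch>\n", "ar archive"),
         (b"\xfd7zXZ\x00", "xz"), (b"\x1f\x8b", "gzip")]

def classify(head):
    """Return a format label for a binary file header, or None for text."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    # A NUL byte in the first block marks otherwise unrecognised binary data.
    return "unknown binary" if b"\x00" in head else None

def inventory(root):
    """Sorted (relative path, kind, sha256) for every binary file under root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            data = path.read_bytes()
            kind = classify(data[:4096])
            if kind:
                rel = path.relative_to(root).as_posix()
                found.append((rel, kind, hashlib.sha256(data).hexdigest()))
    return sorted(found)

def demo():
    """Build a constructed sample tree and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "bin").mkdir()
        (root / "src" / "main.c").write_text("int main(void){return 0;}\n")
        (root / "bin" / "tool").write_bytes(b"\x7fELF" + bytes(60))
        (root / "bin" / "helper.exe").write_bytes(b"MZ" + bytes(62))
        (root / "bin" / "fw.dat").write_bytes(b"\x01\x00\x02\x00")
        return inventory(root)

if __name__ == "__main__":
    for rel, kind, digest in demo():
        print(f"{digest[:16]}  {kind:15} {rel}")
```

The resulting list is only a baseline: each digest still has to be matched against a binary rebuilt from published source before the file can be considered audited.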
References
- "Release 1.1.16". 25 June 2026. Retrieved 26 June 2026.
- "Ventoy". www.ventoy.net. Retrieved 2026-01-31.
- longpanda (2026-01-31), ventoy/Ventoy, retrieved 2026-01-31
- Langner, Christopher. "Tutorial – Ventoy". Linux Magazine. Linux New Media USA. Archived from the original on 27 January 2021. Retrieved 6 April 2021.
- "Bootable USB Creator Ventoy Gets A Native GUI For Linux". 14 September 2021.
- "You may now use Ventoy without deleting data on USB Sticks". 11 November 2021. Retrieved 11 November 2021.
- "List Of Tested ISOs". Archived from the original on 2021-04-01. Retrieved 2021-03-09.
- "Create installation USB stick".
- "Ventoy A New Bootable USB Solution". Ventoy.net. Retrieved 2025-10-28.
- "Ventoy". GitHub.com. Retrieved 2025-10-28.
- "Are you an IT professional? Stop using Ventoy (now)". Iguru.rg. 2025-08-21. Retrieved 2025-10-28.
- "Ventoy - 718 Shades of Open Source". NixSanctuary.com. 2025-01-30. Retrieved 2025-10-28.
- "iVentoy under suspicion for replacing drivers and certificates". UbunLog.com. 2025-05-14. Retrieved 2025-10-28.
- "Ventoy's Binary Blobs Spark Security Concerns and Trust Issues in Open Source Community". BigGo.com. 2025-08-06. Retrieved 2025-10-28.
- "Ventoy Security Concerns". PrivacyGuides.net. 2025-08-05. Retrieved 2025-10-28.
- "Should Ventoy users be concerned? What remediations could users take?". PrivacyGuides.net. 2024-10-17. Retrieved 2025-10-28.
- "[issue]: Remove BLOBs from the source tree #2795". GitHub.com. Retrieved 2025-10-28.
- "About the BLOBs in Ventoy #3224". GitHub.com. 2025-05-07. Retrieved 2025-10-28.
- "Where is source code to binary blobs? Is it really open-source? #132". GitHub.com. 2020-05-18. Retrieved 2025-10-28.
- "Is Ventoy really safe?". Linux Mint Forums. 2024-10-18. Retrieved 2025-10-28.
- "Is ventoy safe? In light of xz/liblzma scare". Reddit.com. Retrieved 2025-10-28.
- "The ventoy situation". CachyOS.org. 2025-04-28. Retrieved 2025-10-28.
- "About the BLOBs in Ventoy". YCombinator.com. Retrieved 2025-10-28.
- "Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months". Lemmy.one. Retrieved 2025-10-28.
- "Is Ventoy Safe to Use? Any Good Alternatives?". YoMotherboard.com. 2025-08-10. Retrieved 2025-10-28.
- "Ventoy: Remove BLOBs from the Source Tree". YCombinator.com. 2024-06-15. Retrieved 2025-10-28.