Skip to main content

Nginx

Vendor security scorecard – 375 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 2295
375
CVEs
63
Critical
187
High
0
KEV
114
PoC
113
Unpatched C/H
57.9%
Patch Rate
4.8%
Avg EPSS

Severity Breakdown

CRITICAL
63
HIGH
187
MEDIUM
118
LOW
6

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2013-2028 The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%. HIGH 7.5 93.0% 166
PoC
CVE-2025-1974 A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller. CRITICAL 9.8 90.3% 159
PoC
CVE-2013-4547 nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%. HIGH 7.5 90.9% 148
PoC No patch
CVE-2023-50919 An issue was discovered on GL.iNet devices before version 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.3%. CRITICAL 9.8 52.3% 136
PoC No patch
CVE-2017-7529 Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 91.9% and no vendor patch available. HIGH 7.5 91.9% 129
No patch
CVE-2016-0742 The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 78.8%. HIGH 7.5 78.8% 116
CVE-2025-1098 Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare). HIGH 8.8 49.9% 114
PoC
CVE-2025-24514 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%. HIGH 8.8 23.0% 87
PoC
CVE-2025-1097 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%. HIGH 8.8 20.8% 85
PoC
CVE-2022-31137 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. CRITICAL 9.8 90.4% 84
PoC
CVE-2014-3556 The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 48.2%. MEDIUM 6.8 48.2% 82
CVE-2026-42945 Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows remote attackers to crash worker processes and potentially execute code on systems without ASLR. The vulnerability requires specific rewrite directive configurations using PCRE captures with question marks in replacement strings, combined with attacker-crafted HTTP requests and conditions beyond the attacker's control. F5 has released patches addressing this critical flaw. EPSS data unavailable; no KEV listing or public exploit identified at time of analysis, though the specific configuration requirements and dependency on external conditions likely limit widespread exploitation despite the 9.2 CVSS score. CRITICAL 9.2 0.2% 76
PoC
CVE-2020-29238 An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.7%. HIGH 7.5 16.7% 74
PoC No patch
CVE-2026-27944 Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available. CRITICAL 9.8 1.0% 70
PoC
CVE-2021-32637 Authelia is a a single sign-on multi-factor portal for web apps. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. CRITICAL 10.0 1.9% 70
PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy