919
CVEs
35
Critical
549
High
0
KEV
35
PoC
447
Unpatched C/H
23.2%
Patch Rate
0.4%
Avg EPSS
Severity Breakdown
CRITICAL
35
HIGH
549
MEDIUM
287
LOW
48
Monthly CVE Trend
Affected Products (30)
Gpu Driver
127
Virtual Gpu
95
Gpu Display Driver
65
Linux Kernel
56
Android
46
Virtual Gpu Manager
42
Cuda Toolkit
41
Triton Inference Server
40
Windows
39
Cloud Gaming
37
Jetson Linux
36
Geforce Experience
33
Dgx A100 Firmware
19
Python
16
Nemo
15
Dgx H100 Firmware
15
Dgx Os
14
Megatron Bridge
13
Tensorrt Llm
12
Mac Os X
12
Debian Linux
12
Shield Experience
11
Bmc Firmware
9
Jetson Tx1
9
Quadro M620
8
Shield Tv
8
Geforce Gtx 950
8
Geforce Gtx Titan X
8
Quadro M5000
8
Tesla M10
8
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2016-1741 | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.3%. | CRITICAL | 9.8 | 17.3% | 86 |
PoC
|
| CVE-2013-0109 | The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available. | HIGH | 7.2 | 7.3% | 78 |
PoC
|
| CVE-2019-5684 | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. | CRITICAL | 10.0 | 5.4% | 70 |
PoC
|
| CVE-2026-24207 | Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected functionality over the network, potentially chaining to code execution, privilege escalation, data tampering, denial of service, or information disclosure. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) reflects a critical severity issue affecting an AI/ML inference platform commonly deployed in production model-serving environments. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
No patch
|
| CVE-2019-5685 | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 5.0% | 69 |
PoC
No patch
|
| CVE-2025-23359 | NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. | HIGH | 8.3 | 3.7% | 65 |
PoC
|
| CVE-2016-8812 | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available. | HIGH | 8.8 | 0.4% | 64 |
PoC
|
| CVE-2016-1861 | The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 3.0% | 62 |
PoC
No patch
|
| CVE-2024-0132 | NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. | HIGH | 8.3 | 37.1% | 62 |
PoC
|
| CVE-2016-1846 | The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 1.9% | 61 |
PoC
No patch
|
| CVE-2015-7865 | nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.7 | 1.4% | 60 |
PoC
No patch
|
| CVE-2016-7384 | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available. | HIGH | 7.8 | 0.4% | 59 |
PoC
|
| CVE-2016-7385 | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available. | HIGH | 7.8 | 0.4% | 59 |
PoC
|
| CVE-2016-7387 | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available. | HIGH | 7.8 | 0.4% | 59 |
PoC
|
| CVE-2016-7390 | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available. | HIGH | 7.8 | 0.4% | 59 |
PoC
|