Skip to main content

Nvidia

Vendor security scorecard – 919 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 2840
919
CVEs
35
Critical
549
High
0
KEV
35
PoC
447
Unpatched C/H
23.2%
Patch Rate
0.4%
Avg EPSS

Severity Breakdown

CRITICAL
35
HIGH
549
MEDIUM
287
LOW
48

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2016-1741 The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.3%. CRITICAL 9.8 17.3% 86
PoC
CVE-2013-0109 The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available. HIGH 7.2 7.3% 78
PoC
CVE-2019-5684 NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. CRITICAL 10.0 5.4% 70
PoC
CVE-2026-24207 Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected functionality over the network, potentially chaining to code execution, privilege escalation, data tampering, denial of service, or information disclosure. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) reflects a critical severity issue affecting an AI/ML inference platform commonly deployed in production model-serving environments. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV. CRITICAL 9.8 0.1% 69
PoC No patch
CVE-2019-5685 NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 5.0% 69
PoC No patch
CVE-2025-23359 NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. HIGH 8.3 3.7% 65
PoC
CVE-2016-8812 For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available. HIGH 8.8 0.4% 64
PoC
CVE-2016-1861 The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.8 3.0% 62
PoC No patch
CVE-2024-0132 NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. HIGH 8.3 37.1% 62
PoC
CVE-2016-1846 The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.8 1.9% 61
PoC No patch
CVE-2015-7865 nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.7 1.4% 60
PoC No patch
CVE-2016-7384 For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available. HIGH 7.8 0.4% 59
PoC
CVE-2016-7385 For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available. HIGH 7.8 0.4% 59
PoC
CVE-2016-7387 For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available. HIGH 7.8 0.4% 59
PoC
CVE-2016-7390 For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available. HIGH 7.8 0.4% 59
PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy