CVE-2016-0746 — CVSS 9.8 (critical): Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a…
CVE-2014-9390 — CVSS 9.8 (critical): Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial…
CVE-2019-14379 — CVSS 9.8 (critical): SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of…
CVE-2018-4164 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM"…
CVE-2004-2687 — CVSS 9.3 (critical): distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute…
CVE-2025-43505 — CVSS 8.8 (high): An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously…
CVE-2019-8721 — CVSS 8.8 (high): Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0…
CVE-2019-8840 — CVSS 8.8 (high): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may…
CVE-2019-8724 — CVSS 8.8 (high): Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0…
CVE-2019-3855 — CVSS 8.8 (high): An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from…
CVE-2019-8722 — CVSS 8.8 (high): Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0…
CVE-2019-8723 — CVSS 8.8 (high): Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0…
CVE-2023-27967 — CVSS 8.6 (high): The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out…
CVE-2022-39260 — CVSS 8.5 (high): Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement…
CVE-2025-43371 — CVSS 8.2 (high): This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
CVE-2021-21300 — CVSS 8.0 (high): Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains…
CVE-2022-22601 — CVSS 7.8 (high): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file…
CVE-2016-1765 — CVSS 7.8 (high): otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application…
CVE-2016-4704 — CVSS 7.8 (high): otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash)…
CVE-2016-4705 — CVSS 7.8 (high): otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash)…
CVE-2017-7134 — CVSS 7.8 (high): An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote…
CVE-2017-7135 — CVSS 7.8 (high): An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote…
CVE-2017-7136 — CVSS 7.8 (high): An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote…
CVE-2017-7137 — CVSS 7.8 (high): An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote…
CVE-2017-7167 — CVSS 7.8 (high): An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow…
CVE-2018-4357 — CVSS 7.8 (high): A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.
CVE-2019-8738 — CVSS 7.8 (high): A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted…
CVE-2019-8739 — CVSS 7.8 (high): A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted…
CVE-2019-8800 — CVSS 7.8 (high): A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file…
CVE-2019-8806 — CVSS 7.8 (high): A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file…
CVE-2020-9992 — CVSS 7.8 (high): This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This…
CVE-2022-22602 — CVSS 7.8 (high): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file…
CVE-2022-22603 — CVSS 7.8 (high): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file…
CVE-2022-22604 — CVSS 7.8 (high): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file…
CVE-2022-22605 — CVSS 7.8 (high): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file…
CVE-2022-22606 — CVSS 7.8 (high): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file…
CVE-2022-22607 — CVSS 7.8 (high): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file…
CVE-2022-22608 — CVSS 7.8 (high): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file…
CVE-2022-26747 — CVSS 7.8 (high): This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges.
CVE-2022-29187 — CVSS 7.8 (high): Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is…
CVE-2022-42797 — CVSS 7.8 (high): An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root…
CVE-2023-32396 — CVSS 7.8 (high): This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14…
CVE-2024-44162 — CVSS 7.8 (high): This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's…
CVE-2017-7529 — CVSS 7.5 (high): Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module…
CVE-2015-7030 — CVSS 7.5 (high): The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.
CVE-2015-1149 — CVSS 7.5 (high): Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or…
CVE-2018-16844 — CVSS 7.5 (high): nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This…
CVE-2014-6394 — CVSS 7.5 (high): visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which…
CVE-2024-44228 — CVSS 7.5 (high): This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode…
CVE-2018-16843 — CVSS 7.5 (high): nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory…
CVE-2016-0742 — CVSS 7.5 (high): The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer…
CVE-2006-5328 — CVSS 7.2 (high): OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create…
CVE-2006-5327 — CVSS 7.2 (high): Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other…
CVE-2025-43263 — CVSS 7.1 (high): The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its…
CVE-2023-27945 — CVSS 6.3 (medium): This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A…
CVE-2026-28889 — CVSS 6.2 (medium): A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary…
CVE-2018-16845 — CVSS 6.1 (medium): nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop…
CVE-2022-24765 — CVSS 6.0 (medium): Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines…
CVE-2026-28890 — CVSS 5.5 (medium): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause…
CVE-2024-23298 — CVSS 5.5 (medium): A logic issue was addressed with improved state management. This issue is fixed in Xcode 15.3. An app may bypass Gatekeeper checks.
CVE-2024-44191 — CVSS 5.5 (medium): This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS…
CVE-2021-1800 — CVSS 5.5 (medium): A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to…
CVE-2025-24226 — CVSS 5.5 (medium): The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.
CVE-2025-30441 — CVSS 5.5 (medium): This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary…
CVE-2025-43375 — CVSS 5.5 (medium): The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
CVE-2022-32920 — CVSS 5.5 (medium): The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.
CVE-2022-39253 — CVSS 5.5 (medium): Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5…
CVE-2023-40391 — CVSS 5.5 (medium): The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An…
CVE-2023-40435 — CVSS 5.5 (medium): This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials.
CVE-2019-20372 — CVSS 5.3 (medium): NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker…
CVE-2024-40862 — CVSS 5.3 (medium): A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple…
CVE-2016-0747 — CVSS 5.3 (medium): The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause…
CVE-2015-5909 — CVSS 5.0 (medium): IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to…
CVE-2015-3027 — CVSS 5.0 (medium): Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack…
CVE-2014-8108 — CVSS 5.0 (medium): The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to…
CVE-2012-3698 — CVSS 5.0 (medium): Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers…
CVE-2015-3184 — CVSS 5.0 (medium): mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict…
CVE-2015-0248 — CVSS 5.0 (medium): The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a…
CVE-2015-7056 — CVSS 5.0 (medium): IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in…
CVE-2008-2318 — CVSS 5.0 (medium): The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which…
CVE-2014-3580 — CVSS 5.0 (medium): The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause…
CVE-2025-43504 — CVSS 4.9 (medium): A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position…
CVE-2015-7057 — CVSS 4.6 (medium): otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted…
CVE-2015-7049 — CVSS 4.6 (medium): otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted…
CVE-2015-3185 — CVSS 4.3 (medium): The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require…
CVE-2025-43370 — CVSS 4.0 (medium): A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may…
CVE-2014-3522 — CVSS 4.0 (medium): The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the…
CVE-2015-3187 — CVSS 4.0 (medium): The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is…
CVE-2006-1466 — CVSS 4.0 (medium): Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects…
CVE-2014-3528 — CVSS 4.0 (medium): Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store…
CVE-2015-0251 — CVSS 4.0 (medium): The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the…
CVE-2015-5910 — CVSS 3.3 (low): IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain…
CVE-2025-31186 — CVSS 3.3 (low): A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy…