Every CVE whose affected-product data names Hashicorp Terraform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2018-9057 — CVSS 9.8 (critical): aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an…
CVE-2021-36230 — CVSS 8.8 (high): HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed…
CVE-2019-19316 — CVSS 7.5 (high): When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state…
CVE-2023-4782 — CVSS 6.3 (medium): Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform…
CVE-2025-13432 — CVSS 4.3 (medium): Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may…