Every CVE whose affected-product data names Nsa Ghidra, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2019-16941 — CVSS 9.8 (critical): NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns…
CVE-2023-22671 — CVSS 9.8 (critical): Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command…
CVE-2019-13625 — CVSS 9.1 (critical): NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.
CVE-2026-52754 — CVSS 8.8 (high): Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a…
CVE-2026-49498 — CVSS 8.8 (high): Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to…
CVE-2026-52751 — CVSS 8.8 (high): Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows…
CVE-2026-52758 — CVSS 8.8 (high): Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL…
CVE-2019-13623 — CVSS 7.8 (high): In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive…
CVE-2019-17664 — CVSS 7.8 (high): NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working…
CVE-2019-17665 — CVSS 7.8 (high): NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.
CVE-2026-52750 — CVSS 7.8 (high): Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not…
CVE-2026-52752 — CVSS 7.8 (high): Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during…
CVE-2026-52755 — CVSS 7.8 (high): Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside…
CVE-2026-49496 — CVSS 6.1 (medium): Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when…
CVE-2026-52753 — CVSS 5.5 (medium): Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without…
CVE-2026-49495 — CVSS 5.5 (medium): Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection…
CVE-2026-52759 — CVSS 5.5 (medium): Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause…
CVE-2026-52756 — CVSS 4.8 (medium): Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes…
CVE-2026-52757 — CVSS 4.4 (medium): Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable…
CVE-2026-49497 — CVSS 3.3 (low): Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary…
CVE-2024-58350 — CVSS 2.9 (low): Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the…