Every CVE whose affected-product data names Oisf Suricata, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (65)
CVE-2023-35853 — CVSS 9.8 (critical): In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in…
CVE-2021-37592 — CVSS 9.8 (critical): Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of…
CVE-2018-10244 — CVSS 9.8 (critical): Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the…
CVE-2019-18792 — CVSS 9.1 (critical): An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake…
CVE-2019-1010279 — CVSS 7.5 (high): Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The…
CVE-2019-18625 — CVSS 7.5 (high): An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an…
CVE-2020-19678 — CVSS 7.5 (high): Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain…
CVE-2021-45098 — CVSS 7.5 (high): An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with…
CVE-2023-35852 — CVSS 7.5 (high): In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a…
CVE-2024-23835 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version…
CVE-2024-23836 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions…
CVE-2025-64333 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community…
CVE-2018-10242 — CVSS 7.5 (high): Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond…
CVE-2019-10050 — CVSS 7.5 (high): A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed…
CVE-2019-1010251 — CVSS 7.5 (high): Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact…
CVE-2025-59148 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community…
CVE-2025-59150 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community…
CVE-2025-64330 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community…
CVE-2025-64331 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community…
CVE-2025-64332 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community…
CVE-2025-64334 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In…
CVE-2025-64335 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In…
CVE-2025-64344 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community…
CVE-2026-22258 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a…
CVE-2026-22259 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume…
CVE-2026-22260 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack…
CVE-2026-31931 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause…
CVE-2026-31932 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance…
CVE-2026-31933 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow…
CVE-2026-31934 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when…
CVE-2026-31935 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to…
CVE-2026-31937 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance…
CVE-2024-28870 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF…
CVE-2024-32663 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and…
CVE-2024-38534 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus…
CVE-2024-38535 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out…
CVE-2024-38536 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation…
CVE-2024-45795 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version…
CVE-2024-47187 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version…
CVE-2024-47188 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version…
CVE-2024-47522 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version…
CVE-2024-55605 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a…
CVE-2024-55628 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version…
CVE-2024-55629 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP…
CVE-2025-29915 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag…
CVE-2025-53538 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In…
CVE-2025-59147 — CVSS 7.5 (high): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community…
CVE-2026-22264 — CVSS 7.4 (high): Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap…
CVE-2024-23839 — CVSS 7.1 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3…
CVE-2025-29916 — CVSS 6.2 (medium): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in…
CVE-2025-59149 — CVSS 6.2 (medium): Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In…
CVE-2025-29918 — CVSS 6.2 (medium): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be…
CVE-2025-29917 — CVSS 6.2 (medium): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in…
CVE-2024-55627 — CVSS 5.9 (medium): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a…
CVE-2026-22262 — CVSS 5.9 (medium): Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3…
CVE-2026-22263 — CVSS 5.3 (medium): Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing…
CVE-2024-37151 — CVSS 5.3 (medium): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of…
CVE-2024-32867 — CVSS 5.3 (medium): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and…
CVE-2024-45796 — CVSS 5.3 (medium): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version…
CVE-2024-32664 — CVSS 5.3 (medium): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and…
CVE-2024-24568 — CVSS 5.3 (medium): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the…
CVE-2013-5919 — CVSS 5.0 (medium): Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
CVE-2026-22261 — CVSS 3.7 (low): Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for…
CVE-2024-55626 — CVSS 3.3 (low): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a…