SecAlerts
CVE ListPricingSign Up
nginx logo

nginx

Security Risk Profile

50
/100
medium

Security Risk Score

Comprehensive risk assessment based on 63 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from November 20, 2009 to present

63
Total CVEs
21
Critical+High
2
Exploited
9
Unpatched

Threat Assessment

Avg CVSS
6.8
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
9
Critical/High
Risk Level
50/100
medium
⚠️ 2 Active Exploits 1 Zero-Days🆕 8Fresh (<7d)📈 18 in Last 30 Days

Severity Distribution

Critical
7
High
14
Medium
21
Low
0

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
3

Age Distribution

Common Weaknesses (CWE)

1
Buffer Overflow
11
2
Null Pointer Dereference
4
3
Use After Free
2
4
CRLF Injection
1
5
Integer Overflow
1

Most Affected Products

1. F5 Nginx566
2. F5 NGINX Plus101
3. F5 NGINX Open Source31
4. Nginx NGINX Open Source23
5. Nginx NGINX Plus19

Recent Vulnerabilities

See more →
https://seclists.org/oss-sec/2026/q2/677
unknown

Anthropic's coordinated vulnerability disclosudashboard

5/23/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/671
unknown

NGINX ngx_http_write_module buffer overflow (CVE-2026-9256)

5/22/2026🔧 No Patch
https://reddit.com/r/netsec/comments/1tktr0o/cve20269256_nginxpoolslip_another_new/
unknown

CVE-2026-9256 - "nginx-poolslip", another new vulnerability in the rewrite module

5/22/2026🔧 No Patch
CVE-2026-9256
CVSS 8.1EPSS 0%high

NGINX ngx_http_rewrite_module vulnerability

5/22/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/657
unknown

Host ambiguous quests through NGINX $host and Debian's proxy_params

5/21/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/656
unknown

Host ambiguous quests through NGINX **$http_host** and Debian's proxy_params

5/21/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/645
unknown

Host ambiguous quests through NGINX $host and Debian's proxy_params

5/21/2026🔧 No Patch
CVE-2026-8711
CVSS 9.2EPSS 0%critical

NGINX JavaScript vulnerability

5/19/2026🔧 No Patch
https://reddit.com/r/cybersecurity/comments/1tg2nd9/nginx_cve202642945_exploited_in_the_wild_causing/
unknown

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

5/17/2026🔧 No Patch
https://reddit.com/r/netsec/comments/1tctw53/cve202642945_nginx_heap_buffer_overflow_in/
unknown

CVE-2026-42945 : NGINX Heap Buffer Overflow in rewrite module - Writeup and PoC

5/14/2026🔧 No Patch

Monitor nginx in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

nginx Security Vulnerabilities & Risk Score | 63 CVEs | SecAlerts - SecAlerts