tianocore
Security Risk Profile
70
/100
highSecurity Risk Score
Comprehensive risk assessment based on 64 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from June 5, 2018 to present
64
Total CVEs
32
Critical+High
0
Exploited
7
Unpatched
Threat Assessment
Avg CVSS
6.6
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
7
Critical/High
Risk Level
70/100
high
📈 2 in Last 30 Days
Severity Distribution
Critical
3High
29Medium
29Low
0Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
0Age Distribution
Common Weaknesses (CWE)
1
Buffer Overflow
21
2
Integer Overflow
5
3
Weak RNG
2
4
Input Validation
2
5
Infoleak
1
Most Affected Products
1. Tianocore edk253
2. ubuntu/edk231
3. Tianocore EDK II27
4. debian/edk227
5. Insyde kernel12
Recent Vulnerabilities
See more →CVE-2024-13745
unknown
, EDK II: several issues with partition table measuments
5/29/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/727
unknown
CVE-2024-13745, EDK II: several issues with partition table measuments
5/29/2026🔧 No Patch
CVE-2025-2486
CVSS 8.8high
UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu
11/26/2025
CVE-2023-49721
CVSS 6.7medium
2/14/2024🔧 No Patch
CVE-2023-48733
CVSS 6.7medium
2/14/2024
REDHAT-BUG-2258691
CVSS 4.0medium
1/17/2024🔧 No Patch
REDHAT-BUG-2258677
CVSS 4.0medium
1/17/2024🔧 No Patch
https://www.bleepingcomputer.com/news/security/pixiefail-flaws-impact-pxe-network-boot-in-enterprise-systems/
unknown
PixieFail flaws impact PXE network boot in enterprise systems
1/16/2024🔧 No Patch
CVE-2023-45237
CVSS 7.5high
Use of a Weak PseudoRandom Number Generator in EDK II Network Package
1/16/2024
CVE-2023-45236
CVSS 7.5high
Predictable TCP ISNs in EDK II Network Package
1/16/2024
Monitor tianocore in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.