Avast Antivirus
By the Year
In 2026 there have been 0 vulnerabilities in Avast Antivirus. Last year, in 2025, Antivirus had 5 security vulnerabilities published. Right now, Antivirus is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 8.70 |
| 2024 | 4 | 5.50 |
| 2023 | 1 | 5.50 |
| 2022 | 0 | 0.00 |
| 2021 | 5 | 8.40 |
| 2020 | 1 | 5.50 |
| 2019 | 2 | 4.40 |
It may take a day or so for new Antivirus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Avast Antivirus Security Vulnerabilities
Avast Antivirus NULL Ptr Deref CVE-2025-7007 MacOS/Linux 16.0.0/3.0.3 Crash
CVE-2025-7007
7.5 - High
- December 01, 2025
NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Antivirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash. This issue affects Antivirus: 16.0.0; Antivirus: 3.0.3.
NULL Pointer Dereference
Avast Antivirus 25.1.981.6 Integer Overflow Privilege Escalation
CVE-2025-3500
9 - Critical
- December 01, 2025
Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation. This issue affects Antivirus: from 25.1.981.6 before 25.3.
Integer Overflow or Wraparound
Avast Antivirus 8.3.70.98 Heap Overflow Local Exec on macOS
CVE-2025-8351
9 - Critical
- December 01, 2025
Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.
Heap-based Buffer Overflow
Avast Antivirus 15.7-3.9.2025 Heap OVF -> Local Exec on macOS
CVE-2025-10101
8.1 - High
- December 01, 2025
Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.
Heap-based Buffer Overflow
Double fetch in Avast/AVG Antivirus <25.3 driver allows local privEsc
CVE-2025-13032
9.9 - Critical
- November 11, 2025
Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows a local attacker to escalate privileges via pool overflow.
TOCTTOU
Null-Pointer Deref in AVG/Avast Antivirus Engine (macOS) Crash via Malformed xar
CVE-2024-9484
5.5 - Medium
- October 04, 2024
A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.
NULL Pointer Dereference
CVE-2024-9481: Out-of-bounds Write in AVG/Avast Engine Crashes MacOS
CVE-2024-9481
5.5 - Medium
- October 04, 2024
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.
Memory Corruption
AVAST Antivirus OOB Write Crash via Malformed Mach-O on macOS
CVE-2024-9482
5.5 - Medium
- October 04, 2024
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing.
Memory Corruption
AVG/Avast Antivirus: Null Deref in Sig Verify Module
CVE-2024-9483
5.5 - Medium
- October 04, 2024
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.
NULL Pointer Dereference
Avast AntiVirus < v19.7 Buffer Overflow in aswSnx.sys Driver
CVE-2020-20118
5.5 - Medium
- July 11, 2023
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.
Classic Buffer Overflow
Privilege escalation vulnerability in Avast Antivirus prior to 20.4
CVE-2021-45339
7.8 - High
- December 27, 2021
Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" a trusted process, which could lead to the bypassing of Avast self-defense.
AuthZ
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission
CVE-2021-45335
8.8 - High
- December 27, 2021
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by a local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
Incorrect Default Permissions
Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4
CVE-2021-45336
8.8 - High
- December 27, 2021
Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows local sandboxed code to gain elevated privileges by using system IPC interfaces, which could lead to exiting the sandbox and acquiring SYSTEM privileges.
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8
CVE-2021-45337
8.8 - High
- December 27, 2021
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" the process wsc_proxy.exe, which could lead to acquiring antimalware (AM-PPL) protection.
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4
CVE-2021-45338
7.8 - High
- December 27, 2021
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562
CVE-2020-15024
5.5 - Medium
- September 10, 2020
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.
Improper Removal of Sensitive Information Before Storage or Transfer
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8
CVE-2019-17093
- October 23, 2019
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.
In Avast Antivirus before 19.4, a local administrator
CVE-2019-11230
4.4 - Medium
- July 18, 2019
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart.
insecure temporary file