F5 Networks Nginx Open Source
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in F5 Networks Nginx Open Source.
By the Year
In 2025 there have been 0 vulnerabilities in F5 Networks Nginx Open Source. Last year, in 2024 Nginx Open Source had 7 security vulnerabilities published. Right now, Nginx Open Source is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 7 | 5.94 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Nginx Open Source vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent F5 Networks Nginx Open Source Security Vulnerabilities
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might
CVE-2024-7347
4.7 - Medium
- August 14, 2024
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Out-of-bounds Read
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests
CVE-2024-35200
5.3 - Medium
- May 29, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
NULL Pointer Dereference
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets
CVE-2024-34161
5.3 - Medium
- May 29, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
Dangling pointer
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions
CVE-2024-32760
6.5 - Medium
- May 29, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
Memory Corruption
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests
CVE-2024-31079
4.8 - Medium
- May 29, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
Memory Corruption
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests
CVE-2024-24990
7.5 - High
- February 14, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Dangling pointer
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests
CVE-2024-24989
7.5 - High
- February 14, 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
NULL Pointer Dereference
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for F5 Networks Nginx Open Source or by F5 Networks? Click the Watch button to subscribe.
