NGINX Makers of nginx server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any NGINX product.
RSS Feeds for NGINX security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in NGINX products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by NGINX Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 0 vulnerabilities in NGINX. NGINX did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 9.80 |
| 2022 | 8 | 7.61 |
| 2021 | 2 | 8.75 |
| 2020 | 5 | 5.92 |
| 2019 | 12 | 8.68 |
| 2018 | 3 | 7.03 |
It may take a day or so for new NGINX vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NGINX Security Vulnerabilities
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92
CVE-2020-19692
9.8 - Critical
- April 04, 2023
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.
Classic Buffer Overflow
Buffer Overflow found in Nginx NJS
CVE-2020-19695
9.8 - Critical
- April 04, 2023
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
Classic Buffer Overflow
An issue was discovered in Nginx NJS v0.7.5
CVE-2022-35173
7.5 - High
- August 18, 2022
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.
Improper Check for Unusual or Exceptional Conditions
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
CVE-2022-30503
5.5 - Medium
- June 02, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
CVE-2022-29780
5.5 - Medium
- June 02, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
CVE-2022-29779
5.5 - Medium
- June 02, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
njs through 0.7.1
CVE-2021-46463
9.8 - Critical
- February 14, 2022
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
Object Type Confusion
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation
CVE-2021-46462
7.5 - High
- February 14, 2022
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.
njs through 0.7.0
CVE-2022-25139
9.8 - Critical
- February 14, 2022
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
Dangling pointer
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access
CVE-2021-46461
9.8 - Critical
- February 14, 2022
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
Buffer Overflow