NVIDIA
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any NVIDIA product.
RSS Feeds for NVIDIA security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in NVIDIA products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by NVIDIA Sorted by Most Security Vulnerabilities since 2018
Recent NVIDIA Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 5749 | Security Bulletin: NVIDIA Isaac Launchable - December 2025 | December 23, 2025 |
| 5733 | Security Bulletin: NVIDIA Isaac Lab - December 2025 | December 16, 2025 |
| 5746 | Security Bulletin: NVIDIA Resiliency Extension - December 2025 | December 16, 2025 |
| 5736 | Security Bulletin: NVIDIA NeMo Framework - December 2025 | December 16, 2025 |
| 5739 | Security Bulletin: NVIDIA Merlin - December 2025 | December 9, 2025 |
| 5734 | Security Bulletin: NVIDIA Triton Inference Server 25.10 - December 2025 | December 2, 2025 |
| 5730 | Security Bulletin: NVIDIA TAO - December 2025 | December 2, 2025 |
| 5720 | Security Bulletin: NVIDIA DGX Spark - November 2025 | November 25, 2025 |
| 5726 | Security Bulletin: NVIDIA NeMo Agent Toolkit - November 2025 | November 25, 2025 |
| 5729 | Security Bulletin: NVIDIA NeMo Framework - November 2025 | November 25, 2025 |
By the Year
In 2026 there have been 0 vulnerabilities in NVIDIA. Last year, in 2025 NVIDIA had 173 security vulnerabilities published. Right now, NVIDIA is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 173 | 6.72 |
| 2024 | 34 | 6.81 |
| 2023 | 28 | 6.22 |
| 2022 | 43 | 6.72 |
| 2021 | 31 | 6.51 |
| 2020 | 25 | 6.78 |
| 2019 | 15 | 6.96 |
| 2018 | 7 | 4.96 |
It may take a day or so for new NVIDIA vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NVIDIA Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-33222 | Dec 23, 2025 |
Hardcoded creds in NVIDIA Isaac Launchable allow code exec & privilege escalationNVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering. |
|
| CVE-2025-33223 | Dec 23, 2025 |
Privilege Escalation in NVIDIA Isaac Launchable (CVE-2025-33223)NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. |
|
| CVE-2025-33224 | Dec 23, 2025 |
NVIDIA Isaac Laun. Priv Esc via Unnecessary PrivilegesNVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. |
|
| CVE-2025-33235 | Dec 16, 2025 |
NVIDIA Resiliency Extension for Linux Race Condition in Checkpointing CoreNVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges. |
|
| CVE-2025-33225 | Dec 16, 2025 |
NVIDIA RE Log Aggregation Vulnerability Enables Priv EscalationNVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering. |
|
| CVE-2025-33210 | Dec 16, 2025 |
NVIDIA Isaac Lab Deserialization Vulnerability Enabling Code ExecNVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution. |
|
| CVE-2025-33226 | Dec 16, 2025 |
NVIDIA NeMo Framework Code Injection via Malicious DataNVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. |
Nemo
|
| CVE-2025-33212 | Dec 16, 2025 |
NVIDIA NeMo Framework: Code Exec from Malicious Model LoadingNVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering. |
Nemo
|
| CVE-2025-33214 | Dec 09, 2025 |
Deserialization flaw in NVIDIA NVTabular Workflow on LinuxNVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. |
|
| CVE-2025-33213 | Dec 09, 2025 |
Deserialization Flaw in NVIDIA Merlin4Rec Trainer (CVE-2025-33213)NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. |
|
| CVE-2025-33208 | Dec 03, 2025 |
NVIDIA TAO Uncontrolled Search Path Resource Loading (CVE-2025-33208)NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure. |
|
| CVE-2025-33211 | Dec 03, 2025 |
Improper Quantity Validation in NVIDIA Triton Server Causing DoSNVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service. |
Triton Inference Server
|
| CVE-2025-33201 | Dec 03, 2025 |
NVIDIA Triton Inference Server DoS via Improper Large Payload CheckNVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service. |
Triton Inference Server
|
| CVE-2025-33203 | Nov 25, 2025 |
NVIDIA NeMo Agent Toolkit UI: SSRF in Chat APINVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service. |
Nemo
|
| CVE-2025-33205 | Nov 25, 2025 |
NVIDIA NeMo: Predefined Variable Inclusion Allows Code ExecNVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution. |
Nemo
|
| CVE-2025-33204 | Nov 25, 2025 |
NVIDIA NeMo Framework Code Injection via Malicious NLP/LLM DataNVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. |
Nemo
|
| CVE-2025-33200 | Nov 25, 2025 |
NVIDIA DGX Spark GB10 SROOT Firmware Reuse Vulnerability Allows Info DisclosureNVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. |
|
| CVE-2025-33199 | Nov 25, 2025 |
NVIDIA DGX Spark GB10 SROOT Firmware Control Flow Flaw - Data TamperingNVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering. |
|
| CVE-2025-33198 | Nov 25, 2025 |
Info Disclosure via Resource Reuse in NVIDIA DGX Spark GB10 SROOTNVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. |
|
| CVE-2025-33197 | Nov 25, 2025 |
NVIDIA DGX Spark GB10 Null Pointer Deref in SROOT Firmware (Denial of Service)NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2025-33196 | Nov 25, 2025 |
Resource Reuse in SROOT Firmware of NVIDIA DGX Spark GB10 Causes Info LeakNVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. |
|
| CVE-2025-33195 | Nov 25, 2025 |
NVIDIA DGX Spark GB10 SROOT Firmware Buffer OverflowNVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges. |
|
| CVE-2025-33194 | Nov 25, 2025 |
NVIDIA DGX Spark GB10 Firmware SROOT Vulnerability: Info Disclosure & DoSNVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service. |
|
| CVE-2025-33193 | Nov 25, 2025 |
DGX Spark GB10 SROOT FLW: Improper Intgrity Validation -> Info DisclosureNVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure. |
|
| CVE-2025-33192 | Nov 25, 2025 |
DGX Spark GB10 SROOT Firmware Arbitrary Memory Read (DoS)NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2025-33191 | Nov 25, 2025 |
DGX Spark GB10 OSROOT Firmware CVE-2025-33191: DoS via Invalid Memory ReadNVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2025-33190 | Nov 25, 2025 |
NVIDIA DGX Spark GB10 SROOT Firmware OOB Write ExploitNVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or escalation of privileges. |
|
| CVE-2025-33189 | Nov 25, 2025 |
NVIDIA DGX Spark GB10 SROOT Firmware OOB Write CVE-2025-33189NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges. |
|
| CVE-2025-33188 | Nov 25, 2025 |
Hardware Control Tampering in NVIDIA DGX Spark GB10 (Information Disclosure/DoS)NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service. |
|
| CVE-2025-33187 | Nov 25, 2025 |
Privileged SROOT Exploit in NVIDIA DGX Spark GB10 Enables Privilege EscalationNVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges. |
|
| CVE-2025-33184 | Nov 18, 2025 |
NVIDIA Isaac-GR00T Python Component Code Injection (CVE-2025-33184)NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. |
|
| CVE-2025-33183 | Nov 18, 2025 |
CVE-2025-33183: Code Injection in NVIDIA Isaac-GR00T Python ComponentNVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. |
|
| CVE-2025-33186 | Nov 11, 2025 |
NVIDIA AIStore AuthN Vulnerability Enables Privilege Escalation & Data TamperingNVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering. |
Aistore
|
| CVE-2025-33185 | Nov 11, 2025 |
NVIDIA AIStore AuthN Bypass Enables Information DisclosureNVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. A successful exploit of this vulnerability may lead to information disclosure. |
Aistore
|
| CVE-2025-33202 | Nov 11, 2025 |
Stack Overflow via Large Payloads in NVIDIA Triton Inference ServerNVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service. |
Triton Inference Server
|
| CVE-2025-33178 | Nov 11, 2025 |
NVIDIA NeMo BERT Services Code Injection (CVE-2025-33178)NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering. |
Nemo
|
| CVE-2025-23361 | Nov 11, 2025 |
NVIDIA NeMo Framework Improper Code Gen via Script Input (CVE-2025-23361)NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. |
Nemo
|
| CVE-2025-23357 | Nov 11, 2025 |
NVIDIA Megatron-LM Code Injection via Malicious ScriptNVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering. |
Megatron Lm
|
| CVE-2025-23358 | Nov 04, 2025 |
NVIDIA NVApp Windows Installer Search Path Issue (CVE-2025-23358)NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges. |
Nvapp
|
| CVE-2025-33176 | Nov 04, 2025 |
RunAI Improper Network Channel Restriction (CVE-2025-33176)NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure. |
Runai
|
| CVE-2025-23352 | Oct 23, 2025 |
NVIDIA vGPU VMM Uninitialized Pointer Access CVE-2025-23352NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. |
Virtual Gpu Manager
|
| CVE-2025-23347 | Oct 23, 2025 |
NVIDIA Project G-Assist Privilege Escalation & DoS PotentialNVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. |
Geforce
Tesla
|
| CVE-2025-23345 | Oct 23, 2025 |
OOB Read in NVIDIA Display Driver Video DecoderNVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service. |
Geforce
Tesla
|
| CVE-2025-23332 | Oct 23, 2025 |
CVE-2025-23332: NVIDIA Linux Driver Kernel Mod Nullptr Deref DoSNVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer deference. A successful exploit of this vulnerability might lead to denial of service. |
Virtual Gpu Manager
Geforce
Tesla
And others... |
| CVE-2025-23330 | Oct 23, 2025 |
CVE-2025-23330: NVIDIA Display Driver Null Pointer Deref Denial of ServiceNVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service. |
Geforce
Tesla
|
| CVE-2025-23300 | Oct 23, 2025 |
NVIDIA Linux Kernel Driver DoS via NPENVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service. |
Virtual Gpu Manager
Geforce
Tesla
And others... |
| CVE-2025-23299 | Oct 22, 2025 |
NVIDIA Bluefield/ConnectX, High-Priv Exec via Management InterfaceNVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code. |
Bluefield
Connectx
|
| CVE-2025-33177 | Oct 14, 2025 |
NvMap Over-allocation in NVIDIA Jetson Linux/IGX OS Local DoSNVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service. |
Jetson
Igx
|
| CVE-2025-33182 | Oct 14, 2025 |
NVIDIA Jetson UEFI Auth. Flaw Enables DT Corruption & DoSNVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service. |
Jetson
|
| CVE-2025-23356 | Oct 14, 2025 |
NVIDIA Isaac Lab SB3 Config Parsing Vulnerability Enables Code ExecutionNVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. |
Isaac Lab
|