Product
apple xcode
95 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-28890
< 26.4
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause
5.5
MEDIUM
CVE-2026-28889
< 26.4
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbi
6.2
MEDIUM
CVE-2025-31186
< 16.3
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Pr
3.3
LOW
CVE-2025-43505
< 26.1
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a malicio
8.8
HIGH
CVE-2025-43504
< 26.1
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network p
4.9
MEDIUM
CVE-2025-43375
< 26.0
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a p
5.5
MEDIUM
CVE-2025-43371
< 26.0
This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
8.2
HIGH
CVE-2025-43370
< 26.0
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path val
4.0
MEDIUM
CVE-2025-43263
< 26.0
The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside
7.1
HIGH
CVE-2025-48384
< 26.0
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level oper
8.0
HIGH
CVE-2025-30441
< 16.3
This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arb
5.5
MEDIUM
CVE-2025-24226
< 16.3
The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private inf
5.5
MEDIUM
CVE-2024-44228
< 16.0
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode
7.5
HIGH
CVE-2024-44191
< 16.0
This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and
5.5
MEDIUM
CVE-2024-44162
< 16.0
This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to
7.8
HIGH
CVE-2024-40862
< 16.0
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine th
5.3
MEDIUM
CVE-2024-23298
< 15.3
A logic issue was addressed with improved state management. This issue is fixed in Xcode 15.3. An app may bypass Gatekeeper checks
5.5
MEDIUM
CVE-2023-40435
< 15.0
This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store cre
5.5
MEDIUM
CVE-2023-40391
< 15.0
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcod
5.5
MEDIUM
CVE-2023-32396
< 15.0
This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS S
7.8
HIGH
CVE-2022-32920
< 14.0
The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user inf
5.5
MEDIUM
CVE-2023-27967
< 14.3
The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary
8.6
HIGH
CVE-2023-27945
< 14.3
This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.
6.3
MEDIUM
CVE-2022-42797
< 14.1
An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain roo
7.8
HIGH
CVE-2022-39260
< 14.1
Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to
8.5
HIGH
CVE-2022-39253
< 14.1
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.
5.5
MEDIUM
CVE-2022-29187
< 14.1
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.
7.8
HIGH
CVE-2022-26747
< 13.4
This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges.
7.8
HIGH
CVE-2022-24765
< 13.4
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machi
6.0
MEDIUM
CVE-2022-22608
< 13.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafte
7.8
HIGH
CVE-2022-22607
< 13.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafte
7.8
HIGH
CVE-2022-22606
< 13.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafte
7.8
HIGH
CVE-2022-22605
< 13.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafte
7.8
HIGH
CVE-2022-22604
< 13.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafte
7.8
HIGH
CVE-2022-22603
< 13.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafte
7.8
HIGH
CVE-2022-22602
< 13.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafte
7.8
HIGH
CVE-2022-22601
< 13.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafte
7.8
HIGH
CVE-2021-44228
< 13.3
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration
10.0
CRITICAL
CVE-2021-1800
< 12.4
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be ab
5.5
MEDIUM
CVE-2021-21300
< 12.5
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contain
8.0
HIGH
CVE-2019-8840
< 11.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sou
8.8
HIGH
CVE-2020-9992
< 12.0
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS
7.8
HIGH
CVE-2014-9390
<= 6.1.1
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercur
9.8
CRITICAL
CVE-2019-20372
< 13.0
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an a
5.3
MEDIUM
CVE-2019-8806
< 11.2
A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously craf
7.8
HIGH
CVE-2019-8800
< 11.2
A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously craf
7.8
HIGH
CVE-2019-8739
< 11.0
A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciousl
7.8
HIGH
CVE-2019-8738
< 11.0
A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciousl
7.8
HIGH
CVE-2019-8724
< 11.0
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.
8.8
HIGH
CVE-2019-8723
< 11.0
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.
8.8
HIGH
CVE-2019-8722
< 11.0
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.
8.8
HIGH
CVE-2019-8721
< 11.0
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.
8.8
HIGH
CVE-2019-14379
< 13.3
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.
9.8
CRITICAL
CVE-2018-4357
< 10
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.
7.8
HIGH
CVE-2019-3855
< 11.0
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are
8.8
HIGH
CVE-2018-16845
< 13.0
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infini
6.1
MEDIUM
CVE-2018-16844
< 13.0
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage
7.5
HIGH
CVE-2018-16843
< 13.0
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory co
7.5
HIGH
CVE-2018-4164
< 9.3
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LL
9.8
CRITICAL
CVE-2017-7167
< 9.2
An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer
7.8
HIGH
CVE-2017-7137
<= 8.3.3
An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows
7.8
HIGH
CVE-2017-7136
<= 8.3.3
An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows
7.8
HIGH
CVE-2017-7135
<= 8.3.3
An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows
7.8
HIGH
CVE-2017-7134
<= 8.3.3
An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows
7.8
HIGH
CVE-2017-7529
< 13.0
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter modul
7.5
HIGH
CVE-2016-4705
<= 7.3.1
otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and applicatio
7.8
HIGH
CVE-2016-4704
<= 7.3.1
otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and applicatio
7.8
HIGH
CVE-2016-1765
<= 7.2.1
otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and applicat
7.8
HIGH
CVE-2016-0747
< 13.0
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers
5.3
MEDIUM
CVE-2016-0746
< 13.0
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to caus
9.8
CRITICAL
CVE-2016-0742
< 13.0
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer d
7.5
HIGH
CVE-2015-7057
<= 7.1.1
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a craf
CVE-2015-7056
<= 7.1.1
IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive informati
CVE-2015-7049
<= 7.1.1
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a craf
CVE-2015-7030
<= 7.0
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.
CVE-2015-5910
<= 6.4
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obta
CVE-2015-5909
<= 6.4
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attac
CVE-2015-3187
<= 7.2.1
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorizat
CVE-2015-3184
<= 7.2.1
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly r
CVE-2015-3185
all versions
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Requ
CVE-2015-3027
<= 6.2
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for
CVE-2015-1149
<= 6.2
Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of servi
CVE-2015-0251
all versions
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the
CVE-2015-0248
all versions
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to
CVE-2014-8108
all versions
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attacker
CVE-2014-3580
all versions
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers
CVE-2014-6394
all versions
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root,
CVE-2014-3528
all versions
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm t
CVE-2014-3522
all versions
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcard
CVE-2012-3698
<= 4.3.3
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identif
CVE-2008-2318
all versions
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs
CVE-2006-5328
<= 2.2
OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to creat
CVE-2006-5327
<= 2.2
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly othe
CVE-2006-1466
<= 2.2
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjec
CVE-2004-2687
all versions
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin