Aggregates CVE and security vulnerability intelligence across all nginx-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow and vendor risk path handling, with potential vendor impact application crash and vendor impact memory corruption across vendor surface http services use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-35173 | An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. | [email protected] | 7.5 | 0.38% | 2022-08-18 | 2024-11-21 |
| CVE-2022-30503 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | [email protected] | 5.5 | 0.05% | 2022-06-02 | 2024-11-21 |
| CVE-2022-29780 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | [email protected] | 5.5 | 0.06% | 2022-06-02 | 2024-11-21 |
| CVE-2022-29779 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | [email protected] | 5.5 | 0.06% | 2022-06-02 | 2024-11-21 |
| CVE-2021-46461 | njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. | [email protected] | 9.8 | 0.73% | 2022-02-14 | 2024-11-21 |
| CVE-2009-3898 | Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. | [email protected] | 4.9 | 1.08% | 2009-11-24 | 2026-04-23 |
| CVE-2009-3896 | src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. | [email protected] | 5.0 | 3.37% | 2009-11-24 | 2026-04-23 |