7,222 CVEs

79 in CISA KEV

Adobe Vulnerabilities

CVE security advisories and vulnerability history for Adobe.

7,222

Total CVEs

Published

79

In CISA KEV

Exploited in the wild

385

Public exploits

With known exploit

6.5

Avg CVSS

1999–2026

Overview

Adobe has 7,222 published CVE records since 1999, of which 79 are in CISA's Known Exploited Vulnerabilities catalog and 385 have a known public exploit. The average CVSS base score across scored CVEs is 6.5.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Adobe products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of Adobe's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical132

High1,504

Medium1,834

Low124

3,628 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

79

79 of Adobe's CVEs are confirmed exploited in the wild.

Public exploits

385

385 of Adobe's CVEs have a known public exploit available.

Most affected products

The Adobe products with the most published CVEs.

windows4,339 CVEs
mac os x1,962 CVEs
macos1,954 CVEs
acrobat reader dc1,781 CVEs
acrobat dc1,781 CVEs
acrobat1,360 CVEs
acrobat reader1,124 CVEs
experience manager1,092 CVEs

Common weakness types

The CWE weakness categories most often found in Adobe CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish Adobe CVE records.

Disclosure activity by year

How many Adobe CVEs were published each year.

2019

570

2020

350

2021

432

2022

461

2023

687

2024

753

2025

829

2026

255

Latest Adobe CVEs

The most recently disclosed vulnerabilities affecting Adobe.

CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)
CWE-191
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)
CWE-190
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Improper Input Validation (CWE-20)
CWE-20
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
CWE-400
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Improper Input Validation (CWE-20)
CWE-20
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)
CWE-190
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Improper Input Validation (CWE-20)
CWE-20
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
CWE-400
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)
CWE-191
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
CWE-400
High · CVSS 7.5
EPSS 0.0%2026-05-12
CAI Content Credentials | Improper Input Validation (CWE-20)
CWE-20
Medium · CVSS 6.2
EPSS 0.0%2026-05-12
CAI Content Credentials | Improper Input Validation (CWE-20)
CWE-20
Medium · CVSS 6.2
EPSS 0.0%2026-05-12

Track new Adobe CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor Adobe CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

IBM8,265 CVEs cisco6,813 CVEs redhat5,883 CVEs Bitnami5,647 CVEs fedoraproject5,442 CVEs composer5,054 CVEs Oracle Corporation4,928 CVEs pip4,735 CVEs

Browse all vendors

Frequently asked questions

Common questions about Adobe vulnerabilities.

How many CVEs does Adobe have?

Adobe has 7,222 published CVE records since 1999, including 1,084 in the last two years.

How many Adobe CVEs are in CISA KEV?

Yes — 79 of Adobe's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which Adobe products have the most CVEs?

The Adobe products with the most published CVEs are windows, mac os x, macos, acrobat reader dc, acrobat dc.

What are the most common weakness types in Adobe CVEs?

Adobe's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-125 (Out-of-bounds Read), CWE-787 (Out-of-bounds Write), CWE-416 (Use After Free).

Are there public exploits for Adobe vulnerabilities?

Yes — 385 of Adobe's CVEs have a known public exploit.

How many critical Adobe vulnerabilities are there?

Adobe has 132 critical and 1,504 high-severity CVEs.

What is the average severity of Adobe CVEs?

The average CVSS base score across Adobe's scored CVEs is 6.5.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Adobe vulnerabilities

Monitor new Adobe vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing