203 CVEs

2 in CISA KEV

amazon Vulnerabilities

CVE security advisories and vulnerability history for amazon.

203

Total CVEs

Published

2

In CISA KEV

Exploited in the wild

11

Public exploits

With known exploit

7.0

Avg CVSS

2012–2026

Overview

amazon has 203 published CVE records since 2012, of which 2 are in CISA's Known Exploited Vulnerabilities catalog and 11 have a known public exploit. The average CVSS base score across scored CVEs is 7.0.

This page aggregates every publicly disclosed vulnerability (CVE) affecting amazon products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of amazon's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical8

High65

Medium51

Low2

77 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

2

2 of amazon's CVEs are confirmed exploited in the wild.

Public exploits

11

11 of amazon's CVEs have a known public exploit available.

Most affected products

The amazon products with the most published CVEs.

freertos18 CVEs
amazon web services freertos14 CVEs
amazon-freertos14 CVEs
fire os13 CVEs
opensearch12 CVEs
linux kernel11 CVEs
freertos-plus-tcp10 CVEs
tough10 CVEs

Common weakness types

The CWE weakness categories most often found in amazon CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish amazon CVE records.

Disclosure activity by year

How many amazon CVEs were published each year.

2019

14

2020

8

2021

21

2022

21

2023

19

2024

21

2025

27

2026

30

Latest amazon CVEs

The most recently disclosed vulnerabilities affecting amazon.

Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver
CWE-470
Critical · CVSS 9.2
EPSS 0.0%2026-05-08
High vulnerability · 2026-05-04
CWE-367
High · CVSS 8.5
EPSS 0.0%2026-05-04
OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
CWE-78
High · CVSS 7.5
EPSS 0.0%2026-04-30
Out-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP
CWE-787
High · CVSS 8.1
EPSS 0.0%2026-04-29
Out-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP
CWE-125
Medium · CVSS 6.5
EPSS 0.0%2026-04-29
Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP
CWE-191
High · CVSS 8.1
EPSS 0.0%2026-04-29
Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP
CWE-191
Medium · CVSS 6.0
EPSS 0.0%2026-04-29
MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing
CWE-290
High · CVSS 7.1
EPSS 0.0%2026-04-29
Multiple Path Traversal Variants in awslabs/tough
CWE-22
High · CVSS 7.1
EPSS 0.1%2026-04-24
Missing Delegated Metadata Validation in awslabs/tough
CWE-345
High · CVSS 7.1
EPSS 0.0%2026-04-24
Signature Threshold Bypass in awslabs/tough Delegated Roles
CWE-347
High · CVSS 7.0
EPSS 0.0%2026-04-24
crypto: algif_aead - Revert to operating out-of-place
CISA KEV
CWE-669
High · CVSS 7.8
EPSS 2.2%2026-04-22

Track new amazon CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor amazon CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

wwbn209 CVEs angeljudesuarez206 CVEs zte203 CVEs hashicorp202 CVEs postgresql201 CVEs Cybozu, Inc.200 CVEs gentoo199 CVEs arm198 CVEs

Browse all vendors

Frequently asked questions

Common questions about amazon vulnerabilities.

How many CVEs does amazon have?

amazon has 203 published CVE records since 2012, including 57 in the last two years.

How many amazon CVEs are in CISA KEV?

Yes — 2 of amazon's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which amazon products have the most CVEs?

The amazon products with the most published CVEs are freertos, amazon web services freertos, amazon-freertos, fire os, opensearch.

What are the most common weakness types in amazon CVEs?

amazon's CVEs most often map to these CWE weakness types: CWE-295 (Improper Certificate Validation), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-863 (Incorrect Authorization), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).

Are there public exploits for amazon vulnerabilities?

Yes — 11 of amazon's CVEs have a known public exploit.

How many critical amazon vulnerabilities are there?

amazon has 8 critical and 65 high-severity CVEs.

What is the average severity of amazon CVEs?

The average CVSS base score across amazon's scored CVEs is 7.0.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track amazon vulnerabilities

Monitor new amazon vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing