674 CVEs

5 in CISA KEV

broadcom Vulnerabilities

CVE security advisories and vulnerability history for broadcom.

674

Total CVEs

Published

5

In CISA KEV

Exploited in the wild

130

Public exploits

With known exploit

7.0

Avg CVSS

1999–2026

Overview

broadcom has 674 published CVE records since 1999, of which 5 are in CISA's Known Exploited Vulnerabilities catalog and 130 have a known public exploit. The average CVSS base score across scored CVEs is 7.0.

This page aggregates every publicly disclosed vulnerability (CVE) affecting broadcom products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of broadcom's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical24

High108

Medium95

Low7

440 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

5

5 of broadcom's CVEs are confirmed exploited in the wild.

Public exploits

130

130 of broadcom's CVEs have a known public exploit available.

Most affected products

The broadcom products with the most published CVEs.

fabric operating system95 CVEs
Brocade SANnav67 CVEs
Brocade Fabric OS54 CVEs
fedora51 CVEs
tcpreplay50 CVEs
sannav44 CVEs
brightstor arcserve backup43 CVEs
linux kernel41 CVEs

Common weakness types

The CWE weakness categories most often found in broadcom CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish broadcom CVE records.

Disclosure activity by year

How many broadcom CVEs were published each year.

2019

36

2020

57

2021

49

2022

64

2023

63

2024

62

2025

62

2026

29

Latest broadcom CVEs

The most recently disclosed vulnerabilities affecting broadcom.

Automic Automation Agent Unix privilege escalation
CWE-250
High · CVSS 8.5
EPSS 0.0%2026-05-19
Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint
CWE-829
High · CVSS 7.8
EPSS 0.0%2026-03-30
Cross-Site Scripting Vulnerability in SiteMinder Administrative UI
CWE-79
Medium · CVSS 4.6
EPSS 0.0%2026-03-10
Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0
CWE-305
High · CVSS 8.3
EPSS 0.0%2026-03-03
Directory transversal vulnerability in Brocade Fabric OS before 9.2.1c2 and 9.2.2 through 9.2.2a using various shell commands
CWE-35
Medium · CVSS 4.6
EPSS 0.0%2026-02-03
Privilege escalation in Brocade Fabric OS before 9.2.1c3, and 9.2.2 though 9.2.2b
CWE-272
High · CVSS 8.5
EPSS 0.0%2026-02-03
Directory transversal vulnerability in Brocade Fabric OS before 9.2.1 using grep command
CWE-35
Medium · CVSS 4.6
EPSS 0.0%2026-02-03
Information disclosure in Brocade Fabric OS before 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.0
CWE-78
High · CVSS 8.2
EPSS 0.0%2026-02-03
Password Exposure in Brocade Fabric OS
CWE-250
Medium · CVSS 6.0
EPSS 0.0%2026-02-03
Privilege escalation via bind command in Brocade Fabric OS
CWE-250
High · CVSS 8.4
EPSS 0.0%2026-02-03
Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a
CWE-305
High · CVSS 8.5
EPSS 0.1%2026-02-03
SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0
CWE-312
Medium · CVSS 4.6
EPSS 0.0%2026-02-03

Track new broadcom CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor broadcom CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

wireshark735 CVEs wordpress734 CVEs novell675 CVEs Unisoc (Shanghai) Technologies Co., Ltd.647 CVEs unisoc635 CVEs moodle633 CVEs Campcodes631 CVEs qnap613 CVEs

Browse all vendors

Frequently asked questions

Common questions about broadcom vulnerabilities.

How many CVEs does broadcom have?

broadcom has 674 published CVE records since 1999, including 91 in the last two years.

How many broadcom CVEs are in CISA KEV?

Yes — 5 of broadcom's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which broadcom products have the most CVEs?

The broadcom products with the most published CVEs are fabric operating system, Brocade SANnav, Brocade Fabric OS, fedora, tcpreplay.

What are the most common weakness types in broadcom CVEs?

broadcom's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-532 (Insertion of Sensitive Information into Log File), CWE-312 (Cleartext Storage of Sensitive Information), CWE-476 (NULL Pointer Dereference).

Are there public exploits for broadcom vulnerabilities?

Yes — 130 of broadcom's CVEs have a known public exploit.

How many critical broadcom vulnerabilities are there?

broadcom has 24 critical and 108 high-severity CVEs.

What is the average severity of broadcom CVEs?

The average CVSS base score across broadcom's scored CVEs is 7.0.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track broadcom vulnerabilities

Monitor new broadcom vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing