CVE security advisories and vulnerability history for esp-idf by espressif.
28
Total CVEs
Published
0
In CISA KEV
Exploited in the wild
5
Public exploits
With known exploit
6.6
Avg CVSS
2019–2026
Last updated
Overview
espressif esp-idf has 28 published CVE records since 2019, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 5 have a known public exploit. The average CVSS base score across scored CVEs is 6.6.
This page aggregates every publicly disclosed vulnerability (CVE) affecting espressif esp-idf, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of espressif esp-idf's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical0
High5
Medium10
Low1
12 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of espressif esp-idf's CVEs are currently listed in CISA's KEV catalog.
Public exploits
5
5 of espressif esp-idf's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every espressif esp-idf version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about espressif esp-idf vulnerabilities.
How many CVEs does espressif esp-idf have?
espressif esp-idf has 28 published CVE records since 2019.
How many espressif esp-idf CVEs are in CISA KEV?
None of espressif esp-idf's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Are there public exploits for espressif esp-idf vulnerabilities?
Yes — 5 of espressif esp-idf's CVEs have a known public exploit.
Which versions of espressif esp-idf are affected?
206 distinct espressif esp-idf versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in espressif esp-idf CVEs?
espressif esp-idf's CVEs most often map to these CWE weakness types: CWE-125 (Out-of-bounds Read), CWE-787 (Out-of-bounds Write), CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')), CWE-191 (Integer Underflow (Wrap or Wraparound)).
What is the average severity of espressif esp-idf CVEs?
The average CVSS base score across espressif esp-idf's scored CVEs is 6.6.
