saltstack salt Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting saltstack salt, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every saltstack salt version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

v2015.8.1122 CVEs
v2015.8.1222 CVEs
v0.10.011 CVEs
v0.10.111 CVEs
v0.10.211 CVEs
v0.10.311 CVEs
v0.10.411 CVEs
v0.10.511 CVEs
v0.11.011 CVEs
v0.12.011 CVEs
v0.13.011 CVEs
v0.14.011 CVEs
v0.15.011 CVEs
v0.1611 CVEs
v0.1711 CVEs
v0.6.011 CVEs
v0.7.011 CVEs
v0.8.011 CVEs
v0.8.711 CVEs
v0.8.811 CVEs
v0.8.911 CVEs
v0.9.011 CVEs
v0.9.111 CVEs
v0.9.211 CVEs
v0.9.311 CVEs
v0.9.411 CVEs
v0.9.511 CVEs
v0.9.611 CVEs
v0.9.711 CVEs
v0.9.811 CVEs
v0.9.911 CVEs
v2014.111 CVEs
v2014.711 CVEs
v2014.7.011 CVEs
v2014.7.0rc111 CVEs
v2014.7.0rc211 CVEs
v2014.7.0rc311 CVEs
v2014.7.0rc411 CVEs
v2014.7.0rc511 CVEs
v2014.7.0rc611 CVEs
v2014.7.0rc711 CVEs
v2014.7.111 CVEs
v2014.7.211 CVEs
v2014.7.311 CVEs
v2014.7.411 CVEs
v2014.7.511 CVEs
v2014.7.611 CVEs
v2015.211 CVEs
v2015.2.0rc111 CVEs
v2015.2.0rc211 CVEs
v2015.511 CVEs
v2015.5.011 CVEs
v2015.5.111 CVEs
v2015.5.211 CVEs
v2015.5.311 CVEs
v2015.5.411 CVEs
v2015.5.511 CVEs
v2014.7.710 CVEs
v2014.7.810 CVEs
v2015.5.610 CVEs
v2015.5.710 CVEs
v2015.5.810 CVEs
v2015.5.910 CVEs
v2015.810 CVEs
v2015.8.010 CVEs
v2015.8.0rc110 CVEs
v2015.8.0rc210 CVEs
v2015.8.0rc310 CVEs
v2015.8.0rc410 CVEs
v2015.8.0rc510 CVEs
v2014.7.99 CVEs
v2015.5.119 CVEs
v2015.8.19 CVEs
v2015.8.29 CVEs
v2015.8.39 CVEs
v2015.8.49 CVEs
v2015.8.89 CVEs
v2015.8.99 CVEs
v2016.37 CVEs
v2016.3.07 CVEs
v2016.3.0rc07 CVEs
v2016.3.0rc17 CVEs
v2016.3.0rc27 CVEs
v2016.3.0rc37 CVEs
v2016.3.17 CVEs
v2016.3.27 CVEs
v2016.3.37 CVEs
old-branch-2014.76 CVEs
old-branch-2015.56 CVEs
old-branch-2015.86 CVEs
v2015.8.136 CVEs
v2016.116 CVEs
v2016.3.46 CVEs
v2016.3.56 CVEs
v2016.96 CVEs
v2016.11.05 CVEs
v2016.11.0rc15 CVEs
v2016.11.0rc25 CVEs
v2016.11.15 CVEs
v2016.11.25 CVEs
v2016.11.35 CVEs
v2016.11.45 CVEs
v2016.11.55 CVEs
v2016.11.65 CVEs
v2016.3.65 CVEs
v2017.54 CVEs
v2017.74 CVEs
v2017.7.04 CVEs
v2017.7.0rc14 CVEs
v2017.7.14 CVEs
v2017.7.34 CVEs
v2017.7.44 CVEs
v2017.7.54 CVEs
v2017.7.64 CVEs
v2017.7.74 CVEs
v2018.3.04 CVEs
v3005.1-23 CVEs
v3005.1-33 CVEs
v3005.1-43 CVEs
v3006.03 CVEs
old-branch-2016.32 CVEs
v2016.11.92 CVEs
v2017.7.22 CVEs
v2017.7.82 CVEs
v2018.112 CVEs
v2018.22 CVEs
v2018.32 CVEs
v2018.3.0rc12 CVEs
v2018.3.12 CVEs
v2018.3.22 CVEs
v2018.3.32 CVEs
v2019.22 CVEs
v2019.2.02 CVEs
v2019.2.0rc12 CVEs
v2019.2.0rc22 CVEs
v2018.3.41 CVE
v2019.2.11 CVE
v2019.2.1rc11 CVE
v30001 CVE
v3000_docs1 CVE
v3000.0rc11 CVE
v3000.0rc21 CVE
v3000.11 CVE
v30011 CVE
v3001.11 CVE
v3001rc11 CVE
v30021 CVE
v3002rc11 CVE
v3005.21 CVE
v3005.31 CVE
v3005.41 CVE
v3005.51 CVE
v3006.11 CVE
v3006.101 CVE
v3006.111 CVE
v3006.21 CVE
v3006.31 CVE
v3006.3_docs1 CVE
v3006.41 CVE
v3006.51 CVE
v3006.61 CVE
v3006.71 CVE
v3006.81 CVE
v3006.91 CVE

Fixed in

2017.7.815 CVEs
2016.3.614 CVEs
24c4ae9c2148a0f48e4f28c848a5011e18b57b7a14 CVEs
2015.8.1013 CVEs
2015.8.1313 CVEs
2016.11.1013 CVEs
2016.11.313 CVEs
2016.3.413 CVEs
2016.3.813 CVEs
2019.2.513 CVEs
302776b03c38514667e2292ef3553b6442ee776d13 CVEs
5da2de946d243b538926f4992a1ee9a9d865e62d13 CVEs
7d79ea784414fc73afc85086ce912fda83f3497d

Find a version

53 CVEs

Sort

CVE-2024-38824 salt advisory
CVE-2024-38824
Patch
CWE-22
Critical · CVSS 9.6
EPSS 0.4% (60th pct)2025-06-13
Medium vulnerability · 2023-09-05
CVE-2023-20898
Patch
Medium · CVSS 4.2
EPSS 0.1% (29th pct)2023-09-05
Medium vulnerability · 2023-09-05
CVE-2023-20897
Patch
Medium · CVSS 5.3
EPSS 0.2% (39th pct)2023-09-05
Critical vulnerability · 2023-02-17
CVE-2021-33226
Public exploit
Patch
CWE-120
Critical · CVSS 9.8
EPSS 4.0% (89th pct)2023-02-17
High vulnerability · 2022-06-22
CVE-2022-22967
Patch
CWE-863
High · CVSS 8.8
EPSS 0.5% (67th pct)2022-06-22
High vulnerability · 2022-03-29
CVE-2022-22941
Patch
CWE-732
High · CVSS 8.8
EPSS 0.0% (4th pct)2022-03-29
High vulnerability · 2022-03-29
CVE-2022-22936
Patch
CWE-294
High · CVSS 8.8
EPSS 0.1% (29th pct)2022-03-29
Low vulnerability · 2022-03-29
CVE-2022-22935
Patch
CWE-287
Low · CVSS 3.7
EPSS 0.1% (22th pct)2022-03-29
Vulnerability · 2022-03-29
CVE-2022-22934
Patch
Unscored
EPSS 0.1% (31th pct)2022-03-29
Vulnerability · 2021-09-08
CVE-2021-22004
Patch
Unscored
EPSS 0.1% (34th pct)2021-09-08
Vulnerability · 2021-09-08
CVE-2021-21996
Patch
Unscored
EPSS 2.3% (85th pct)2021-09-08
Vulnerability · 2021-04-23
CVE-2021-31607
Patch
Unscored
EPSS 4.5% (89th pct)2021-04-23
Critical vulnerability · 2021-03-03
CVE-2021-25315
Patch
CWE-287
Critical · CVSS 9.8
EPSS 0.2% (36th pct)2021-03-03
Vulnerability · 2021-02-27
CVE-2021-3197
Patch
Unscored
EPSS 9.9% (93th pct)2021-02-27
Vulnerability · 2021-02-27
CVE-2021-3148
Patch
Unscored
EPSS 7.3% (92th pct)2021-02-27
Vulnerability · 2021-02-27
CVE-2021-3144
Patch
Unscored
EPSS 5.5% (90th pct)2021-02-27
Vulnerability · 2021-02-27
CVE-2021-25284
Patch
Unscored
EPSS 0.0% (6th pct)2021-02-27
Vulnerability · 2021-02-27
CVE-2021-25283
Patch
Unscored
EPSS 10.0% (93th pct)2021-02-27
Vulnerability · 2021-02-27
CVE-2021-25282
Public exploit
Patch
Unscored
EPSS 91.3% (100th pct)2021-02-27
Vulnerability · 2021-02-27
CVE-2021-25281
Public exploit
Patch
Unscored
EPSS 93.8% (100th pct)2021-02-27
High vulnerability · 2021-02-27
CVE-2020-35662
Patch
CWE-295
High · CVSS 7.4
EPSS 0.8% (74th pct)2021-02-27
Vulnerability · 2021-02-27
CVE-2020-28972
Patch
Unscored
EPSS 0.8% (74th pct)2021-02-27
Vulnerability · 2021-02-27
CVE-2020-28243
Patch
Unscored
EPSS 1.4% (81th pct)2021-02-27
Vulnerability · 2020-11-06
CVE-2020-25592
Public exploit
Patch
Unscored
EPSS 44.9% (98th pct)2020-11-06
Vulnerability · 2020-11-06
CVE-2020-17490
Patch
Unscored
EPSS 0.0% (15th pct)2020-11-06
Critical vulnerability · 2020-11-06
CVE-2020-16846
CISA KEV
Public exploit
Patch
CWE-78
Added to CISA KEV 2021-11-03
Critical · CVSS 9.3
EPSS 94.4% (100th pct)2020-11-06
High vulnerability · 2020-04-30
CVE-2020-11652
CISA KEV
Public exploit
Patch
CWE-22
Added to CISA KEV 2021-11-03
High · CVSS 7.1
EPSS 93.7% (100th pct)2020-04-30
Critical vulnerability · 2020-04-30
CVE-2020-11651
CISA KEV
Public exploit
Patch
Added to CISA KEV 2021-11-03
Critical · CVSS 10.0
EPSS 94.2% (100th pct)2020-04-30
Vulnerability · 2020-01-17
CVE-2019-17361
Patch
Unscored
EPSS 17.9% (95th pct)2020-01-17
Vulnerability · 2019-07-18
CVE-2019-1010259
Patch
Unscored
EPSS 0.4% (59th pct)2019-07-18

Showing 30 of 53

saltstack salt Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other saltstack products

Frequently asked questions

How many CVEs does saltstack salt have?

How many saltstack salt CVEs are in CISA KEV?

Are there public exploits for saltstack salt vulnerabilities?

Which versions of saltstack salt are affected?

What are the most common weakness types in saltstack salt CVEs?

How many critical saltstack salt vulnerabilities are there?

What is the average severity of saltstack salt CVEs?

References

Track saltstack salt vulnerabilities