347 CVEs

2 in CISA KEV

Synology Vulnerabilities

CVE security advisories and vulnerability history for Synology.

347

Total CVEs

Published

2

In CISA KEV

Exploited in the wild

26

Public exploits

With known exploit

6.8

Avg CVSS

2010–2026

Overview

Synology has 347 published CVE records since 2010, of which 2 are in CISA's Known Exploited Vulnerabilities catalog and 26 have a known public exploit. The average CVSS base score across scored CVEs is 6.8.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Synology products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of Synology's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical33

High89

Medium138

Low5

82 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

2

2 of Synology's CVEs are confirmed exploited in the wild.

Public exploits

26

26 of Synology's CVEs have a known public exploit available.

Most affected products

The Synology products with the most published CVEs.

diskstation manager132 CVEs
router manager62 CVEs
DiskStation Manager (DSM)53 CVEs
Synology Router Manager (SRM)43 CVEs
photo station33 CVEs
skynas29 CVEs
Surveillance Station25 CVEs
vs960hd22 CVEs

Common weakness types

The CWE weakness categories most often found in Synology CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish Synology CVE records.

Disclosure activity by year

How many Synology CVEs were published each year.

2019

40

2020

22

2021

35

2022

36

2023

13

2024

47

2025

29

2026

21

Latest Synology CVEs

The most recently disclosed vulnerabilities affecting Synology.

Medium vulnerability · 2026-05-27
CWE-598
Medium · CVSS 6.2
EPSS 0.0%2026-05-27
Medium vulnerability · 2026-05-27
CWE-346
Medium · CVSS 6.1
EPSS 0.0%2026-05-27
Medium vulnerability · 2026-05-27
CWE-346
Medium · CVSS 6.1
EPSS 0.0%2026-05-27
High vulnerability · 2026-05-27
CWE-89
High · CVSS 8.6
EPSS 0.1%2026-05-27
High vulnerability · 2026-05-27
CWE-749
High · CVSS 7.5
EPSS 0.0%2026-05-27
Medium vulnerability · 2026-05-27
CWE-346
Medium · CVSS 6.1
EPSS 0.0%2026-05-27
Critical vulnerability · 2026-05-27
CWE-120
Critical · CVSS 9.8
EPSS 0.3%2026-05-27
High vulnerability · 2026-05-27
CWE-754
High · CVSS 8.1
EPSS 0.1%2026-05-27
Medium vulnerability · 2026-05-27
CWE-79
Medium · CVSS 5.4
EPSS 0.0%2026-05-27
Medium vulnerability · 2026-05-27
CWE-79
Medium · CVSS 5.9
EPSS 0.0%2026-05-27
Low vulnerability · 2026-05-27
CWE-863
Low · CVSS 2.7
EPSS 0.0%2026-05-27
Medium vulnerability · 2026-05-27
CWE-522
Medium · CVSS 4.9
EPSS 0.0%2026-05-27

Track new Synology CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor Synology CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

Autodesk363 CVEs rockwellautomation353 CVEs openbsd346 CVEs Liferay341 CVEs sourceware339 CVEs zyxel334 CVEs asus334 CVEs HCL Software332 CVEs

Browse all vendors

Frequently asked questions

Common questions about Synology vulnerabilities.

How many CVEs does Synology have?

Synology has 347 published CVE records since 2010, including 50 in the last two years.

How many Synology CVEs are in CISA KEV?

Yes — 2 of Synology's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which Synology products have the most CVEs?

The Synology products with the most published CVEs are diskstation manager, router manager, DiskStation Manager (DSM), Synology Router Manager (SRM), photo station.

What are the most common weakness types in Synology CVEs?

Synology's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

Are there public exploits for Synology vulnerabilities?

Yes — 26 of Synology's CVEs have a known public exploit.

How many critical Synology vulnerabilities are there?

Synology has 33 critical and 89 high-severity CVEs.

What is the average severity of Synology CVEs?

The average CVSS base score across Synology's scored CVEs is 6.8.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Synology vulnerabilities

Monitor new Synology vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing