Internet Explorer vulnerabilities: known CVEs & security history
Microsoft · Microsoft · 1742 tracked CVEs · 43 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Internet Explorer release lines — 1742 in total, with 43 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Internet Explorer's current status and the safe version to run.
Known Internet Explorer CVEs
Actively-exploited and most-severe first. Showing the top 80 of 1742. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2015-0313⚡ exploited | critical | 9.8 | 96% | 2015 |
| CVE-2015-0311⚡ exploited | critical | 9.8 | 86% | 2015 |
| CVE-2014-1776⚡ exploited | critical | 9.8 | 88% | 2014 |
| CVE-2021-27085⚡ exploited | high | 8.8 | 4% | 2021 |
| CVE-2021-26411⚡ exploited | high | 8.8 | 81% | 2021 |
| CVE-2019-0541⚡ exploited | high | 8.8 | 53% | 2019 |
| CVE-2017-0222⚡ exploited | high | 8.8 | 30% | 2017 |
| CVE-2017-0210⚡ exploited | high | 8.8 | 20% | 2017 |
| CVE-2017-0149⚡ exploited | high | 8.8 | 29% | 2017 |
| CVE-2015-2502⚡ exploited | high | 8.8 | 51% | 2015 |
| CVE-2015-2425⚡ exploited | high | 8.8 | 45% | 2015 |
| CVE-2015-2419⚡ exploited | high | 8.8 | 45% | 2015 |
| CVE-2014-4123⚡ exploited | high | 8.8 | 40% | 2014 |
| CVE-2014-2817⚡ exploited | high | 8.8 | 26% | 2014 |
| CVE-2014-0322⚡ exploited | high | 8.8 | 85% | 2014 |
| CVE-2013-3897⚡ exploited | high | 8.8 | 77% | 2013 |
| CVE-2013-3893⚡ exploited | high | 8.8 | 86% | 2013 |
| CVE-2013-3163⚡ exploited | high | 8.8 | 71% | 2013 |
| CVE-2013-1347⚡ exploited | high | 8.8 | 78% | 2013 |
| CVE-2013-2551⚡ exploited | high | 8.8 | 74% | 2013 |
| CVE-2012-4792⚡ exploited | high | 8.8 | 79% | 2012 |
| CVE-2010-0806⚡ exploited | high | 8.8 | 82% | 2010 |
| CVE-2010-0249⚡ exploited | high | 8.8 | 92% | 2010 |
| CVE-2017-0037⚡ exploited | high | 8.1 | 80% | 2017 |
| CVE-2012-4969⚡ exploited | high | 8.1 | 82% | 2012 |
| CVE-2010-3962⚡ exploited | high | 8.1 | 97% | 2010 |
| CVE-2020-1380⚡ exploited | high | 7.8 | 24% | 2020 |
| CVE-2020-0968⚡ exploited | high | 7.5 | 30% | 2020 |
| CVE-2020-0674⚡ exploited | high | 7.5 | 87% | 2020 |
| CVE-2019-1429⚡ exploited | high | 7.5 | 73% | 2019 |
| CVE-2019-1367⚡ exploited | high | 7.5 | 53% | 2019 |
| CVE-2019-0752⚡ exploited | high | 7.5 | 82% | 2019 |
| CVE-2018-8653⚡ exploited | high | 7.5 | 29% | 2018 |
| CVE-2018-8373⚡ exploited | high | 7.5 | 62% | 2018 |
| CVE-2016-0189⚡ exploited | high | 7.5 | 93% | 2016 |
| CVE-2019-0676⚡ exploited | medium | 6.5 | 8% | 2019 |
| CVE-2016-3298⚡ exploited | medium | 6.5 | 33% | 2016 |
| CVE-2016-3351⚡ exploited | medium | 6.5 | 26% | 2016 |
| CVE-2015-0071⚡ exploited | medium | 6.5 | 34% | 2015 |
| CVE-2013-7331⚡ exploited | medium | 6.5 | 58% | 2014 |
| CVE-2017-0059⚡ exploited | medium | 4.3 | 62% | 2017 |
| CVE-2016-0162⚡ exploited | medium | 4.3 | 22% | 2016 |
| CVE-2020-0878⚡ exploited | medium | 4.2 | 3% | 2020 |
| CVE-2013-0022 | critical | 9 | 17% | 2013 |
| CVE-2012-4787 | critical | 9 | 18% | 2012 |
| CVE-2014-1764 | high | 10 | 37% | 2014 |
| CVE-2014-1763 | high | 10 | 22% | 2014 |
| CVE-2013-1489 | high | 10 | 8% | 2013 |
| CVE-2010-1118 | high | 10 | 22% | 2010 |
| CVE-2009-1918 | high | 10 | 43% | 2009 |
| CVE-2009-1043 | high | 10 | 31% | 2009 |
| CVE-2007-3341 | high | 10 | 11% | 2007 |
| CVE-2007-3111 | high | 10 | 44% | 2007 |
| CVE-2007-2938 | high | 10 | 41% | 2007 |
| CVE-2007-0219 | high | 10 | 39% | 2007 |
| CVE-2007-0217 | high | 10 | 58% | 2007 |
| CVE-2006-2382 | high | 10 | 49% | 2006 |
| CVE-2006-1186 | high | 10 | 58% | 2006 |
| CVE-2006-1189 | high | 10 | 61% | 2006 |
| CVE-2006-1190 | high | 10 | 61% | 2006 |
| CVE-2004-0978 | high | 10 | 38% | 2005 |
| CVE-2004-1050 | high | 10 | 67% | 2004 |
| CVE-2004-0214 | high | 10 | 47% | 2004 |
| CVE-2004-0216 | high | 10 | 49% | 2004 |
| CVE-2004-0549 | high | 10 | 61% | 2004 |
| CVE-2004-0420 | high | 10 | 46% | 2004 |
| CVE-2003-1027 | high | 10 | 38% | 2004 |
| CVE-2000-0061 | high | 10 | 20% | 2000 |
| CVE-1999-0876 | high | 10 | 6% | 2000 |
| CVE-1999-0702 | high | 10 | 24% | 1999 |
| CVE-1999-1241 | high | 10 | 14% | 1999 |
| CVE-1999-0967 | high | 10 | 7% | 1997 |
| CVE-2015-6162 | high | 9.3 | 14% | 2015 |
| CVE-2015-6160 | high | 9.3 | 19% | 2015 |
| CVE-2015-6159 | high | 9.3 | 20% | 2015 |
| CVE-2015-6158 | high | 9.3 | 17% | 2015 |
| CVE-2015-6156 | high | 9.3 | 14% | 2015 |
| CVE-2015-6155 | high | 9.3 | 17% | 2015 |
| CVE-2015-6154 | high | 9.3 | 17% | 2015 |
| CVE-2015-6153 | high | 9.3 | 17% | 2015 |
1662 older / lower-severity CVEs not shown — see Internet Explorer's full record.
Is my Internet Explorer version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Internet Explorer version → · Monitor Internet Explorer for new CVEs →
Internet Explorer vulnerabilities — frequently asked
How many known vulnerabilities does Internet Explorer have?
IsItPatched tracks 1742 CVEs for Internet Explorer, 43 of which are actively exploited (CISA KEV). 5 are critical-severity and 1207 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Internet Explorer have any actively-exploited vulnerabilities?
Yes — 43 Internet Explorer CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (6 linked to ransomware). Patch these as a priority.
What is the most severe Internet Explorer vulnerability?
Among tracked issues, CVE-2015-0313 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — a Use-after-free weakness.
Is Internet Explorer safe to use?
It depends on the version. The latest supported Internet Explorer release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Internet Explorer security status · Internet Explorer end-of-life · actively-exploited CVEs. Always verify against Microsoft's advisories — see our disclaimer.