macOS vulnerabilities: known CVEs & security history
Apple · Operating system · 2000 tracked CVEs · 43 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all macOS release lines — 2000 in total, with 43 actively exploited in the wild. A CVE here doesn't mean your version is affected — check macOS's current status and the safe version to run.
Known macOS CVEs
Actively-exploited and most-severe first. Showing the top 80 of 2000. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2022-22587⚡ exploited | critical | 9.8 | 12% | 2022 |
| CVE-2021-1871⚡ exploited | critical | 9.8 | 7% | 2021 |
| CVE-2021-1870⚡ exploited | critical | 9.8 | 8% | 2021 |
| CVE-2016-4171⚡ exploited | critical | 9.8 | 20% | 2016 |
| CVE-2015-5123⚡ exploited | critical | 9.8 | 18% | 2015 |
| CVE-2015-5122⚡ exploited | critical | 9.8 | 94% | 2015 |
| CVE-2014-0497⚡ exploited | critical | 9.8 | 100% | 2014 |
| CVE-2022-32893⚡ exploited | high | 8.8 | 10% | 2022 |
| CVE-2022-2294⚡ exploited | high | 8.8 | 70% | 2022 |
| CVE-2022-22620⚡ exploited | high | 8.8 | 16% | 2022 |
| CVE-2021-30665⚡ exploited | high | 8.8 | 3% | 2021 |
| CVE-2021-30663⚡ exploited | high | 8.8 | 3% | 2021 |
| CVE-2021-30661⚡ exploited | high | 8.8 | 4% | 2021 |
| CVE-2021-28550⚡ exploited | high | 8.8 | 52% | 2021 |
| CVE-2021-30858⚡ exploited | high | 8.8 | 13% | 2021 |
| CVE-2021-1789⚡ exploited | high | 8.8 | 15% | 2021 |
| CVE-2021-21017⚡ exploited | high | 8.8 | 86% | 2021 |
| CVE-2017-5070⚡ exploited | high | 8.8 | 31% | 2017 |
| CVE-2017-5030⚡ exploited | high | 8.8 | 42% | 2017 |
| CVE-2016-5198⚡ exploited | high | 8.8 | 35% | 2017 |
| CVE-2014-8439⚡ exploited | high | 8.8 | 20% | 2014 |
| CVE-2022-32894⚡ exploited | high | 7.8 | 3% | 2022 |
| CVE-2022-22675⚡ exploited | high | 7.8 | 13% | 2022 |
| CVE-2021-30807⚡ exploited | high | 7.8 | 29% | 2021 |
| CVE-2021-30713⚡ exploited | high | 7.8 | 7% | 2021 |
| CVE-2021-30952⚡ exploited | high | 7.8 | 7% | 2021 |
| CVE-2021-30900⚡ exploited | high | 7.8 | 5% | 2021 |
| CVE-2021-30883⚡ exploited | high | 7.8 | 15% | 2021 |
| CVE-2021-30869⚡ exploited | high | 7.8 | 4% | 2021 |
| CVE-2021-30860⚡ exploited | high | 7.8 | 76% | 2021 |
| CVE-2020-27932⚡ exploited | high | 7.8 | 10% | 2020 |
| CVE-2020-27930⚡ exploited | high | 7.8 | 22% | 2020 |
| CVE-2020-9715⚡ exploited | high | 7.8 | 48% | 2020 |
| CVE-2020-3950⚡ exploited | high | 7.8 | 7% | 2020 |
| CVE-2018-4878⚡ exploited | high | 7.8 | 90% | 2018 |
| CVE-2011-0609⚡ exploited | high | 7.8 | 67% | 2011 |
| CVE-2021-31010⚡ exploited | high | 7.5 | 3% | 2021 |
| CVE-2012-2034⚡ exploited | high | 7.5 | 8% | 2012 |
| CVE-2010-2883⚡ exploited | high | 7.3 | 82% | 2010 |
| CVE-2021-1782⚡ exploited | high | 7 | 2% | 2021 |
| CVE-2022-22674⚡ exploited | medium | 5.5 | 1% | 2022 |
| CVE-2021-30657⚡ exploited | medium | 5.5 | 69% | 2021 |
| CVE-2020-27950⚡ exploited | medium | 5.5 | 17% | 2020 |
| CVE-2022-32839 | critical | 9.8 | 3% | 2022 |
| CVE-2022-37434 | critical | 9.8 | 16% | 2022 |
| CVE-2022-32207 | critical | 9.8 | 5% | 2022 |
| CVE-2022-26776 | critical | 9.8 | 2% | 2022 |
| CVE-2022-26775 | critical | 9.8 | 2% | 2022 |
| CVE-2022-26723 | critical | 9.8 | 1% | 2022 |
| CVE-2022-26711 | critical | 9.8 | 4% | 2022 |
| CVE-2022-26708 | critical | 9.8 | 2% | 2022 |
| CVE-2022-22641 | critical | 9.8 | 1% | 2022 |
| CVE-2022-22632 | critical | 9.8 | 1% | 2022 |
| CVE-2022-22586 | critical | 9.8 | 2% | 2022 |
| CVE-2022-22720 | critical | 9.8 | 28% | 2022 |
| CVE-2022-0318 | critical | 9.8 | 2% | 2022 |
| CVE-2021-44790 | critical | 9.8 | 97% | 2021 |
| CVE-2021-34423 | critical | 9.8 | 3% | 2021 |
| CVE-2021-30678 | critical | 9.8 | 3% | 2021 |
| CVE-2021-30655 | critical | 9.8 | 2% | 2021 |
| CVE-2021-1882 | critical | 9.8 | 2% | 2021 |
| CVE-2021-1834 | critical | 9.8 | 3% | 2021 |
| CVE-2021-1829 | critical | 9.8 | 2% | 2021 |
| CVE-2021-1770 | critical | 9.8 | 3% | 2021 |
| CVE-2021-30805 | critical | 9.8 | 3% | 2021 |
| CVE-2021-30793 | critical | 9.8 | 3% | 2021 |
| CVE-2021-40531 | critical | 9.8 | 33% | 2021 |
| CVE-2021-31009 | critical | 9.8 | 1% | 2021 |
| CVE-2021-1818 | critical | 9.8 | 3% | 2021 |
| CVE-2019-20856 | critical | 9.8 | 1% | 2020 |
| CVE-2020-9633 | critical | 9.8 | 8% | 2020 |
| CVE-2020-13417 | critical | 9.8 | 2% | 2020 |
| CVE-2020-12651 | critical | 9.8 | 7% | 2020 |
| CVE-2020-3789 | critical | 9.8 | 4% | 2020 |
| CVE-2020-3788 | critical | 9.8 | 4% | 2020 |
| CVE-2020-3787 | critical | 9.8 | 4% | 2020 |
| CVE-2020-3786 | critical | 9.8 | 4% | 2020 |
| CVE-2020-3785 | critical | 9.8 | 4% | 2020 |
| CVE-2020-3784 | critical | 9.8 | 4% | 2020 |
| CVE-2020-3783 | critical | 9.8 | 5% | 2020 |
1920 older / lower-severity CVEs not shown — see macOS's full record.
Is my macOS version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your macOS version → · Monitor macOS for new CVEs →
macOS vulnerabilities — frequently asked
How many known vulnerabilities does macOS have?
IsItPatched tracks 2000 CVEs for macOS, 43 of which are actively exploited (CISA KEV). 203 are critical-severity and 1135 high-severity. These span every release line — what matters is whether the version you run is affected.
Does macOS have any actively-exploited vulnerabilities?
Yes — 43 macOS CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (2 linked to ransomware). Patch these as a priority.
What is the most severe macOS vulnerability?
Among tracked issues, CVE-2022-22587 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — a Out-of-bounds write weakness.
Is macOS safe to use?
It depends on the version. The latest supported macOS release (26.5.1) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: macOS security status · macOS end-of-life · actively-exploited CVEs. Always verify against Apple's advisories — see our disclaimer.