Solaris vulnerabilities: known CVEs & security history
Oracle · Actively exploited · 755 tracked CVEs · 11 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Solaris release lines — 755 in total, with 11 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Solaris's current status and the safe version to run.
Known Solaris CVEs
Actively-exploited and most-severe first. Showing the top 80 of 755. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2020-14871⚡ exploited | critical | 10 | 80% | 2020 |
| CVE-2013-2251⚡ exploited | critical | 9.8 | 100% | 2013 |
| CVE-2019-3010⚡ exploited | high | 8.8 | 14% | 2019 |
| CVE-2015-4495⚡ exploited | high | 8.8 | 70% | 2015 |
| CVE-2011-0611⚡ exploited | high | 8.8 | 99% | 2011 |
| CVE-2012-0754⚡ exploited | high | 8.1 | 92% | 2012 |
| CVE-2011-0609⚡ exploited | high | 7.8 | 67% | 2011 |
| CVE-2008-2992⚡ exploited | high | 7.8 | 98% | 2008 |
| CVE-2012-0767⚡ exploited | medium | 6.1 | 7% | 2012 |
| CVE-2016-3718⚡ exploited | medium | 5.5 | 77% | 2016 |
| CVE-2016-3715⚡ exploited | medium | 5.5 | 75% | 2016 |
| CVE-2019-14678 | critical | 10 | 3% | 2019 |
| CVE-2017-3623 | critical | 10 | 22% | 2017 |
| CVE-2015-8104 | critical | 10 | 3% | 2015 |
| CVE-2021-39085 | critical | 9.8 | 1% | 2022 |
| CVE-2022-22318 | critical | 9.8 | 0% | 2022 |
| CVE-2022-22317 | critical | 9.8 | 0% | 2022 |
| CVE-2020-10108 | critical | 9.8 | 4% | 2020 |
| CVE-2018-20732 | critical | 9.8 | 4% | 2019 |
| CVE-2017-3632 | critical | 9.8 | 4% | 2017 |
| CVE-2016-5841 | critical | 9.8 | 13% | 2016 |
| CVE-2016-5691 | critical | 9.8 | 5% | 2016 |
| CVE-2016-5690 | critical | 9.8 | 5% | 2016 |
| CVE-2016-5689 | critical | 9.8 | 5% | 2016 |
| CVE-2016-5687 | critical | 9.8 | 5% | 2016 |
| CVE-2016-2177 | critical | 9.8 | 45% | 2016 |
| CVE-2016-5118 | critical | 9.8 | 49% | 2016 |
| CVE-2016-0693 | critical | 9.8 | 3% | 2016 |
| CVE-2016-1283 | critical | 9.8 | 8% | 2016 |
| CVE-2001-0249 | critical | 9.8 | 20% | 2001 |
| CVE-2017-3510 | critical | 9.6 | 2% | 2017 |
| CVE-2020-11580 | critical | 9.1 | 1% | 2020 |
| CVE-2025-36038 | critical | 9 | 8% | 2025 |
| CVE-2015-4486 | high | 10 | 7% | 2015 |
| CVE-2015-4485 | high | 10 | 8% | 2015 |
| CVE-2015-2740 | high | 10 | 6% | 2015 |
| CVE-2015-2739 | high | 10 | 3% | 2015 |
| CVE-2015-2738 | high | 10 | 3% | 2015 |
| CVE-2015-2737 | high | 10 | 3% | 2015 |
| CVE-2015-2734 | high | 10 | 3% | 2015 |
| CVE-2015-2733 | high | 10 | 6% | 2015 |
| CVE-2015-2731 | high | 10 | 6% | 2015 |
| CVE-2015-2726 | high | 10 | 6% | 2015 |
| CVE-2015-2725 | high | 10 | 6% | 2015 |
| CVE-2015-2724 | high | 10 | 6% | 2015 |
| CVE-2015-2722 | high | 10 | 6% | 2015 |
| CVE-2014-0397 | high | 10 | 2% | 2014 |
| CVE-2014-1563 | high | 10 | 6% | 2014 |
| CVE-2014-1528 | high | 10 | 6% | 2014 |
| CVE-2014-1488 | high | 10 | 7% | 2014 |
| CVE-2014-1478 | high | 10 | 7% | 2014 |
| CVE-2013-5610 | high | 10 | 7% | 2013 |
| CVE-2010-3509 | high | 10 | 2% | 2010 |
| CVE-2007-0882 | high | 10 | 98% | 2007 |
| CVE-2002-1337 | high | 10 | 72% | 2003 |
| CVE-1999-0046 | high | 10 | 53% | 1997 |
| CVE-2015-4496 | high | 9.3 | 4% | 2015 |
| CVE-2015-4493 | high | 9.3 | 7% | 2015 |
| CVE-2015-2736 | high | 9.3 | 4% | 2015 |
| CVE-2015-2735 | high | 9.3 | 4% | 2015 |
| CVE-2014-1557 | high | 9.3 | 5% | 2014 |
| CVE-2014-1507 | high | 9.3 | 1% | 2014 |
| CVE-2014-1494 | high | 9.3 | 5% | 2014 |
| CVE-2012-0725 | high | 9.3 | 2% | 2012 |
| CVE-2012-0724 | high | 9.3 | 2% | 2012 |
| CVE-2012-0773 | high | 9.3 | 5% | 2012 |
| CVE-2012-0756 | high | 9.3 | 15% | 2012 |
| CVE-2012-0755 | high | 9.3 | 5% | 2012 |
| CVE-2012-0753 | high | 9.3 | 4% | 2012 |
| CVE-2012-0752 | high | 9.3 | 9% | 2012 |
| CVE-2011-0628 | high | 9.3 | 6% | 2011 |
| CVE-2011-0627 | high | 9.3 | 5% | 2011 |
| CVE-2011-0626 | high | 9.3 | 5% | 2011 |
| CVE-2011-0625 | high | 9.3 | 5% | 2011 |
| CVE-2011-0624 | high | 9.3 | 5% | 2011 |
| CVE-2011-0623 | high | 9.3 | 5% | 2011 |
| CVE-2011-0622 | high | 9.3 | 4% | 2011 |
| CVE-2011-0621 | high | 9.3 | 4% | 2011 |
| CVE-2011-0620 | high | 9.3 | 4% | 2011 |
| CVE-2011-0619 | high | 9.3 | 4% | 2011 |
675 older / lower-severity CVEs not shown — see Solaris's full record.
Is my Solaris version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Solaris version → · Monitor Solaris for new CVEs →
Solaris vulnerabilities — frequently asked
How many known vulnerabilities does Solaris have?
IsItPatched tracks 755 CVEs for Solaris, 11 of which are actively exploited (CISA KEV). 24 are critical-severity and 223 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Solaris have any actively-exploited vulnerabilities?
Yes — 11 Solaris CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (1 linked to ransomware). Patch these as a priority.
What is the most severe Solaris vulnerability?
Among tracked issues, CVE-2020-14871 (CRITICAL, CVSS 10), which is actively exploited, ranks highest — a Out-of-bounds write weakness.
Is Solaris safe to use?
It depends on the version. The latest supported Solaris release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Solaris security status · Solaris end-of-life · actively-exploited CVEs. Always verify against Oracle's advisories — see our disclaimer.