VLC media player vulnerabilities: known CVEs & security history
VideoLAN · Media · 113 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all VLC media player release lines — 113 in total. A CVE here doesn't mean your version is affected — check VLC media player's current status and the safe version to run.
Known VLC media player CVEs
Actively-exploited and most-severe first. Showing the top 80 of 113. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2023-47359 | critical | 9.8 | 1% | 2023 |
| CVE-2019-13962 | critical | 9.8 | 4% | 2019 |
| CVE-2019-12874 | critical | 9.8 | 3% | 2019 |
| CVE-2017-10699 | critical | 9.8 | 4% | 2017 |
| CVE-2016-5108 | critical | 9.8 | 25% | 2016 |
| CVE-2018-19857 | critical | 9.1 | 4% | 2018 |
| CVE-2008-0296 | high | 10 | 15% | 2008 |
| CVE-2013-1868 | high | 9.3 | 11% | 2013 |
| CVE-2012-0023 | high | 9.3 | 5% | 2012 |
| CVE-2012-1776 | high | 9.3 | 5% | 2012 |
| CVE-2012-1775 | high | 9.3 | 45% | 2012 |
| CVE-2011-2194 | high | 9.3 | 9% | 2011 |
| CVE-2010-3276 | high | 9.3 | 7% | 2011 |
| CVE-2010-3275 | high | 9.3 | 76% | 2011 |
| CVE-2011-0531 | high | 9.3 | 42% | 2011 |
| CVE-2011-0021 | high | 9.3 | 6% | 2011 |
| CVE-2010-3907 | high | 9.3 | 6% | 2011 |
| CVE-2010-3124 | high | 9.3 | 13% | 2010 |
| CVE-2010-0364 | high | 9.3 | 7% | 2010 |
| CVE-2009-2484 | high | 9.3 | 35% | 2009 |
| CVE-2008-5276 | high | 9.3 | 8% | 2008 |
| CVE-2008-5036 | high | 9.3 | 41% | 2008 |
| CVE-2008-5032 | high | 9.3 | 11% | 2008 |
| CVE-2008-4686 | high | 9.3 | 10% | 2008 |
| CVE-2008-4654 | high | 9.3 | 58% | 2008 |
| CVE-2008-3732 | high | 9.3 | 13% | 2008 |
| CVE-2008-2430 | high | 9.3 | 6% | 2008 |
| CVE-2008-0984 | high | 9.3 | 15% | 2008 |
| CVE-2007-3316 | high | 9.3 | 17% | 2007 |
| CVE-2018-11516 | high | 8.8 | 4% | 2018 |
| CVE-2017-17670 | high | 8.8 | 2% | 2017 |
| CVE-2008-0295 | high | 8.5 | 11% | 2008 |
| CVE-2018-11529 | high | 8 | 39% | 2018 |
| CVE-2023-46814 | high | 7.8 | 0% | 2023 |
| CVE-2022-41325 | high | 7.8 | 1% | 2022 |
| CVE-2020-26664 | high | 7.8 | 2% | 2021 |
| CVE-2020-13428 | high | 7.8 | 2% | 2020 |
| CVE-2019-19721 | high | 7.8 | 2% | 2020 |
| CVE-2014-9630 | high | 7.8 | 1% | 2020 |
| CVE-2014-9629 | high | 7.8 | 2% | 2020 |
| CVE-2014-9628 | high | 7.8 | 2% | 2020 |
| CVE-2014-9627 | high | 7.8 | 1% | 2020 |
| CVE-2014-9626 | high | 7.8 | 1% | 2020 |
| CVE-2014-9625 | high | 7.8 | 2% | 2020 |
| CVE-2019-18278 | high | 7.8 | 0% | 2019 |
| CVE-2019-14970 | high | 7.8 | 2% | 2019 |
| CVE-2019-14778 | high | 7.8 | 1% | 2019 |
| CVE-2019-14777 | high | 7.8 | 1% | 2019 |
| CVE-2019-14776 | high | 7.8 | 1% | 2019 |
| CVE-2019-14533 | high | 7.8 | 1% | 2019 |
| CVE-2019-14535 | high | 7.8 | 1% | 2019 |
| CVE-2019-14498 | high | 7.8 | 2% | 2019 |
| CVE-2019-14438 | high | 7.8 | 2% | 2019 |
| CVE-2019-14437 | high | 7.8 | 2% | 2019 |
| CVE-2019-13602 | high | 7.8 | 2% | 2019 |
| CVE-2017-9301 | high | 7.8 | 3% | 2017 |
| CVE-2017-9300 | high | 7.8 | 3% | 2017 |
| CVE-2017-8311 | high | 7.8 | 9% | 2017 |
| CVE-2007-3467 | high | 7.8 | 3% | 2007 |
| CVE-2007-3468 | high | 7.8 | 3% | 2007 |
| CVE-2007-0256 | high | 7.8 | 12% | 2007 |
| CVE-2011-1087 | high | 7.6 | 8% | 2011 |
| CVE-2023-47360 | high | 7.5 | 1% | 2023 |
| CVE-2021-25804 | high | 7.5 | 2% | 2021 |
| CVE-2011-3623 | high | 7.5 | 4% | 2014 |
| CVE-2010-2062 | high | 7.5 | 4% | 2014 |
| CVE-2010-1445 | high | 7.5 | 3% | 2014 |
| CVE-2010-1444 | high | 7.5 | 4% | 2014 |
| CVE-2010-1442 | high | 7.5 | 3% | 2014 |
| CVE-2010-1441 | high | 7.5 | 3% | 2014 |
| CVE-2013-6934 | high | 7.5 | 28% | 2014 |
| CVE-2013-6283 | high | 7.5 | 10% | 2013 |
| CVE-2021-25803 | high | 7.1 | 1% | 2021 |
| CVE-2021-25802 | high | 7.1 | 1% | 2021 |
| CVE-2021-25801 | high | 7.1 | 2% | 2021 |
| CVE-2019-5459 | high | 7.1 | 3% | 2019 |
| CVE-2015-5949 | medium | 6.8 | 13% | 2015 |
| CVE-2014-9598 | medium | 6.8 | 6% | 2015 |
| CVE-2014-9597 | medium | 6.8 | 7% | 2015 |
| CVE-2013-4388 | medium | 6.8 | 4% | 2013 |
33 older / lower-severity CVEs not shown — see VLC media player's full record.
Is my VLC media player version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your VLC media player version → · Monitor VLC media player for new CVEs →
VLC media player vulnerabilities — frequently asked
How many known vulnerabilities does VLC media player have?
IsItPatched tracks 113 CVEs for VLC media player. 6 are critical-severity and 70 high-severity. These span every release line — what matters is whether the version you run is affected.
Does VLC media player have any actively-exploited vulnerabilities?
None of VLC media player's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.
What is the most severe VLC media player vulnerability?
Among tracked issues, CVE-2023-47359 (CRITICAL, CVSS 9.8) ranks highest — a Out-of-bounds write weakness.
Is VLC media player safe to use?
It depends on the version. The latest supported VLC media player release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: VLC media player security status · VLC media player end-of-life · actively-exploited CVEs. Always verify against VideoLAN's advisories — see our disclaimer.