Apple Safari vulnerabilities
1,546 known vulnerabilities affecting apple/safari.
Total CVEs
1,546
CISA KEV
27
actively exploited
Public exploits
145
Exploited in wild
21
Severity breakdown
CRITICAL211HIGH575MEDIUM741LOW19
Vulnerabilities
Page 5 of 78
CVE-2025-31223HIGHCVSS 8.0fixed in 18.52025-05-12
CVE-2025-31223 [HIGH] CWE-119 CVE-2025-31223: The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.
cvelistv5nvd
CVE-2025-31204HIGHCVSS 8.8fixed in 18.52025-05-12
CVE-2025-31204 [HIGH] CWE-119 CVE-2025-31204: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.
cvelistv5nvd
CVE-2025-31238HIGHCVSS 7.3fixed in 18.52025-05-12
CVE-2025-31238 [HIGH] CWE-119 CVE-2025-31238: The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.
cvelistv5nvd
CVE-2025-31215MEDIUMCVSS 6.5fixed in 18.52025-05-12
CVE-2025-31215 [MEDIUM] CWE-20 CVE-2025-31215: The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.
cvelistv5nvd
CVE-2025-31205MEDIUMCVSS 6.5fixed in 18.52025-05-12
CVE-2025-31205 [MEDIUM] CWE-352 CVE-2025-31205: The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.
cvelistv5nvd
CVE-2025-31217MEDIUMCVSS 6.5fixed in 18.52025-05-12
CVE-2025-31217 [MEDIUM] CWE-20 CVE-2025-31217: The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5
The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-31206MEDIUMCVSS 4.3fixed in 18.52025-05-12
CVE-2025-31206 [MEDIUM] CWE-843 CVE-2025-31206: A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-31257MEDIUMCVSS 4.7fixed in 18.52025-05-12
CVE-2025-31257 [MEDIUM] CWE-119 CVE-2025-31257: This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5
This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2023-42970HIGHCVSS 8.8fixed in 17.0≥ unspecified, < 172025-04-11
CVE-2023-42970 [HIGH] CWE-416 CVE-2023-42970: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.
cvelistv5nvd
CVE-2023-42875HIGHCVSS 7.3fixed in 17.0≥ unspecified, < 172025-04-11
CVE-2023-42875 [HIGH] CWE-94 CVE-2023-42875: Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadO
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.
cvelistv5nvd
CVE-2025-24264CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-24264 [CRITICAL] CWE-400 CVE-2025-24264: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-24167CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-24167 [CRITICAL] CVE-2025-24167: This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. A download's origin may be incorrectly associated.
cvelistv5nvd
CVE-2025-24180HIGHCVSS 8.1fixed in 18.42025-03-31
CVE-2025-24180 [HIGH] CWE-601 CVE-2025-24180: The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.
cvelistv5nvd
CVE-2025-24213HIGHCVSS 7.8fixed in 18.4fixed in 18.52025-03-31
CVE-2025-24213 [HIGH] CWE-843 CVE-2025-24213: This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 1
This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption.
cvelistv5nvd
CVE-2025-31184HIGHCVSS 7.8fixed in 18.42025-03-31
CVE-2025-31184 [HIGH] CWE-281 CVE-2025-31184: This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.
cvelistv5nvd
CVE-2025-24209HIGHCVSS 7.0fixed in 18.42025-03-31
CVE-2025-24209 [HIGH] CWE-120 CVE-2025-24209: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 1
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.
cvelistv5nvd
CVE-2025-31192MEDIUMCVSS 6.7fixed in 18.42025-03-31
CVE-2025-31192 [MEDIUM] CWE-305 CVE-2025-31192: The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.
cvelistv5nvd
CVE-2025-24216MEDIUMCVSS 4.3fixed in 18.42025-03-31
CVE-2025-24216 [MEDIUM] CWE-119 CVE-2025-24216: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-24192MEDIUMCVSS 6.5fixed in 18.42025-03-31
CVE-2025-24192 [MEDIUM] CVE-2025-24192: A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iO
A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. Visiting a website may leak sensitive data.
cvelistv5nvd
CVE-2025-30467MEDIUMCVSS 4.3fixed in 18.42025-03-31
CVE-2025-30467 [MEDIUM] CWE-451 CVE-2025-30467: The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. Visiting a malicious website may lead to address bar spoofing.
cvelistv5nvd