Apple Xcode vulnerabilities
95 known vulnerabilities affecting apple/xcode.
Total CVEs: 95
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 51, MEDIUM 36, LOW 2
Vulnerabilities
Page 1 of 5
CVE-2026-28890 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 26.4 | 2026-03-25
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.
Sources: cvelistv5, nvd
CVE-2026-28889 | MEDIUM | CVSS 6.2 | CWE-269 | fixed in 26.4 | 2026-03-25
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.
Sources: cvelistv5, nvd
CVE-2025-31186 | LOW | CVSS 3.3 | CWE-284 | fixed in 16.3 | 2026-01-16
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.
Sources: cvelistv5, nvd
CVE-2025-43505 | HIGH | CVSS 8.8 | CWE-787 | fixed in 26.1 | 2025-11-04
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption.
Sources: cvelistv5, nvd
CVE-2025-43504 | MEDIUM | CVSS 4.9 | CWE-119 | fixed in 26.1 | 2025-11-04
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.
Sources: cvelistv5, nvd
CVE-2025-43371 | HIGH | CVSS 8.2 | CWE-284 | fixed in 26.0 | fixed in 26 | 2025-09-15
This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
Sources: cvelistv5, nvd
CVE-2025-43263 | HIGH | CVSS 7.1 | CWE-284 | fixed in 26.0 | fixed in 26 | 2025-09-15
The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
Sources: cvelistv5, nvd
CVE-2025-43370 | MEDIUM | CVSS 4.0 | CWE-120 | fixed in 26.0 | fixed in 26 | 2025-09-15
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Sources: cvelistv5, nvd
CVE-2025-43375 | MEDIUM | CVSS 5.5 | CWE-20 | fixed in 26.0 | fixed in 26 | 2025-09-15
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Sources: cvelistv5, nvd
CVE-2025-48384 | HIGH | CVSS 8.0 | KEV | CWE-59 | fixed in 26.0 | 2025-07-08
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost
Sources: nvd
CVE-2025-30441 | MEDIUM | CVSS 5.5 | CWE-787 | fixed in 16.3 | 2025-03-31
This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files.
Sources: cvelistv5, nvd
CVE-2025-24226 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 16.3 | 2025-03-31
The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.
Sources: cvelistv5, nvd
CVE-2024-44228 | HIGH | CVSS 7.5 | CWE-276 | fixed in 16.0 | fixed in 16 | 2024-10-28
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
Sources: cvelistv5, nvd
CVE-2024-44162 | HIGH | CVSS 7.8 | CWE-863 | fixed in 16.0 | fixed in 16 | 2024-09-17
This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items.
Sources: cvelistv5, nvd
CVE-2024-40862 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 16.0 | fixed in 16 | 2024-09-17
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer.
Sources: cvelistv5, nvd
CVE-2024-44191 | MEDIUM | CVSS 5.5 | fixed in 16.0 | fixed in 16 | 2024-09-17
This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. An app may gain unauthorized access to Bluetooth.
Sources: cvelistv5, nvd
CVE-2024-23298 | MEDIUM | CVSS 5.5 | fixed in 15.3 | 2024-03-15
A logic issue was addressed with improved state management. This issue is fixed in Xcode 15.3. An app may bypass Gatekeeper checks.
Sources: cvelistv5, nvd
CVE-2023-32396 | HIGH | CVSS 7.8 | fixed in 15.0 | ≥ unspecified, < 15 | 2023-09-27
This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.
Sources: cvelistv5, nvd
CVE-2023-40391 | MEDIUM | CVSS 5.5 | fixed in 15.0 | ≥ unspecified, < 15 | 2023-09-27
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.
Sources: cvelistv5, nvd
CVE-2023-40435 | MEDIUM | CVSS 5.5 | fixed in 15.0 | ≥ unspecified, < 15 | 2023-09-27
This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials.
Sources: cvelistv5, nvd