Xcode
This hub aggregates every CVE we track for Xcode, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.
- 95 CVEs tracked
- 6 Critical
- 50 High
- 2 In CISA KEV
Severity distribution
- High: 50
- Medium: 37
- Critical: 6
- Low: 2
Monthly trend (CVEs published per month, 2024-07 to 2026-06)
- 2024 (Jul to Dec): 0, 0, 3, 1, 0, 0
- 2025 (Jan to Dec): 0, 0, 2, 0, 0, 0, 1, 0, 4, 0, 2, 0
- 2026 (Jan to Jun): 1, 0, 2, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Xcode.
- CVE-2026-28890 (score 5.5): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.
- CVE-2026-28889 (score 6.2): A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.
- CVE-2025-31186 (score 3.3): A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.
- CVE-2025-43504 (score 4.9): A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial of service.
- CVE-2025-43505 (score 8.8): An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption.
- CVE-2025-43375 (score 5.5): The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
- CVE-2025-43263 (score 7.1): The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
- CVE-2025-43371 (score 8.2): This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
- CVE-2025-43370 (score 4.0): A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
- CVE-2025-48384 (score 8.0, in CISA KEV): Git allows arbitrary code execution through broken config quoting.
- CVE-2025-30441 (score 5.5): This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files.
- CVE-2025-24226 (score 5.5): The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.
- CVE-2024-44228 (score 7.5): This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
- CVE-2024-44191 (score 5.5): This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. An ap...
- CVE-2024-40862 (score 5.3): A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer.
Product normalization is registry-driven with AI assist and human review.