NGINX CVE Version Checker
Check your NGINX version against known CVEs and security advisories
Enter your NGINX version and get an instant CVE report. Paste your config for condition-aware matching — CVEs that only apply when specific modules or directives are active are flagged separately. Local advisory database, no data sent anywhere.
How it works
Parse version
Normalizes any NGINX version format — nginx/1.24.0, nginx version: nginx/1.24.0, or plain 1.24.0
CVE matching
Compares parsed version against the local advisory database using semantic version ranges from official advisories
Config context
If you paste your config, CVEs with conditions (HTTP/2, mp4 module, resolver) are confirmed or marked conditional
Report
Each matched CVE includes severity, CVSS score, fixed version, remediation steps, and links to official references
CVE database coverage
2026
—CVE-2026-1642 — SSL upstream injection
2025
—CVE-2025-23419 — TLS session reuse
2024
—CVE-2024-7347 — mp4 module OOB read
2023
—CVE-2023-44487 — HTTP/2 Rapid Reset (DDoS)
—CVE-2023-44488 — QUIC memory corruption
2022
—CVE-2022-41741, CVE-2022-41742 — mp4 module corruption
2021
—CVE-2021-23017 — DNS resolver heap overwrite (RCE risk)
2019–2018
—HTTP/2 DoS series (5 CVEs)
—CVE-2019-20372 — request smuggling
2013–2017
—CVE-2013-2028 — chunked overflow (Critical RCE)
—CVE-2017-7529 — range filter info leak