| | CVE-2016-9256 |  F5 | high | 7.5 | 0.2%
| | In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permi… | May 9, 2017 | May 13, 2026 |
| | CVE-2016-9257 | F5 | medium | 6.1 | 0.3%
| | In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript int… | May 9, 2017 | May 13, 2026 |
| | CVE-2017-0302 | F5 | medium | 5.3 | 0.3%
| | In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access … | May 9, 2017 | May 13, 2026 |
| | CVE-2017-6137 | F5 | medium | 5.9 | 0.7%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, … | May 9, 2017 | May 13, 2026 |
| | CVE-2016-9250 | F5 | high | 7.5 | 0.6%
| | In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with … | May 10, 2017 | May 13, 2026 |
| | CVE-2016-7476 | F5 | high | 7.5 | 1.2%
| | The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller,… | May 11, 2017 | May 13, 2026 |
| | CVE-2017-6131 | F5 | critical | 9.8 | 0.8%
| | In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may con… | May 23, 2017 | May 13, 2026 |
| | CVE-2014-6031 | F5 | medium | 4.9 | 0.5%
| | Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 … | Jun 8, 2017 | May 13, 2026 |
| | CVE-2016-7469 | F5 | medium | 5.4 | 0.3%
| | A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change pa… | Jun 9, 2017 | May 13, 2026 |
| | CVE-2017-7529 | F5 | high | 7.5 | 91.9%
| | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerabili… | Jul 13, 2017 | May 13, 2026 |
| | CVE-2017-6147 | F5 | medium | 5.9 | 0.7%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 a… | Sep 18, 2017 | May 13, 2026 |
| | CVE-2017-6141 | F5 | medium | 5.9 | 0.6%
| | In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certa… | Oct 20, 2017 | May 13, 2026 |
| | CVE-2017-6144 | F5 | high | 7.4 | 0.2%
| | In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file… | Oct 20, 2017 | May 13, 2026 |
| | CVE-2017-6145 | F5 | high | 7.3 | 0.4%
| | iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSaf… | Oct 20, 2017 | May 13, 2026 |
| | CVE-2017-6165 | F5 | critical | 9.8 | 2.0%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 … | Oct 20, 2017 | May 13, 2026 |
| | CVE-2017-0303 | F5 | high | 7.5 | 2.4%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6157 | F5 | high | 8.1 | 6.9%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6159 | F5 | medium | 5.9 | 0.9%
| | F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software versi… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6160 | F5 | medium | 5.9 | 4.6%
| | In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a re… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6161 | F5 | medium | 5.3 | 2.7%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAc… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6162 | F5 | medium | 5.9 | 1.5%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websa… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6163 | F5 | medium | 5.9 | 1.5%
| | In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 1… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6168 | F5 | high | 7.4 | 76.2%
| | On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or … | Nov 17, 2017 | May 13, 2026 |
| | CVE-2017-6166 | F5 | medium | 5.9 | 1.2%
| | In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0… | Nov 22, 2017 | May 13, 2026 |
| | CVE-2017-0301 | F5 | high | 7.6 | 0.1%
| | In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 1… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-0304 | F5 | medium | 5.4 | 0.2%
| | A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6129 | F5 | high | 7.5 | 0.5%
| | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows c… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6132 | F5 | high | 7.5 | 2.2%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6133 | F5 | high | 7.5 | 0.6%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software vers… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6134 | F5 | medium | 6.5 | 1.4%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6135 | F5 | high | 7.5 | 0.5%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6136 | F5 | medium | 5.9 | 0.6%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6138 | F5 | high | 7.5 | 0.7%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6139 | F5 | medium | 5.9 | 0.4%
| | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system ap… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6140 | F5 | high | 7.5 | 0.6%
| | On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 445… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6151 | F5 | high | 7.5 | 0.5%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAc… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6164 | F5 | high | 8.1 | 2.5%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAc… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6167 | F5 | high | 7.5 | 0.3%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software vers… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2018-14634 | F5 | high | 7.8 | 25.7%
| ⚠ KEV | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileg… | Sep 25, 2018 | Jan 27, 2026 |
| | CVE-2019-5436 | F5 | high | 7.8 | 13.3%
| | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libc… | May 28, 2019 | Apr 15, 2026 |
| | CVE-2023-29240 | F5 | medium | 5.4 | 0.1%
| | An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files us… | May 3, 2023 | Jan 27, 2026 |
| | CVE-2024-32761 | F5 | medium | 6.5 | 0.3%
| | Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG… | May 8, 2024 | Feb 4, 2026 |
| | CVE-2025-23239 | F5 | high | 8.7 | 0.4%
| | When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote co… | Feb 5, 2025 | Feb 4, 2026 |
| | CVE-2025-23419 | F5 | medium | 4.3 | 0.6%
| | When multiple server blocks are configured to share the same IP address and port, an attacker can us… | Feb 5, 2025 | Jan 27, 2026 |
| | CVE-2025-24319 | F5 | medium | 6.5 | 0.3%
| | When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager… | Feb 5, 2025 | Feb 4, 2026 |
| | CVE-2025-54500 | F5 | medium | 5.3 | 0.1%
| | An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control fr… | Aug 13, 2025 | Feb 4, 2026 |
| | CVE-2025-53521 | F5 | critical | 9.8 | 19.9%
| ⚠ KEV | When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can le… | Oct 15, 2025 | Mar 31, 2026 |
| | CVE-2025-53868 | F5 | high | 8.7 | 0.0%
| | When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SF… | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-54755 | F5 | medium | 4.9 | 0.2%
| | A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated att… | Oct 15, 2025 | Jan 27, 2026 |
| | CVE-2025-58153 | F5 | medium | 5.9 | 0.0%
| | Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware s… | Oct 15, 2025 | Feb 4, 2026 |