Vendor scorecard
NVIDIA Networking
NVIDIA Networking security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: nvidia
Product families
3
Open in latest
1
Inferred — see methodology
Last disclosure
Feb 24, 2026
01
Product categories
3 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Cumulus / Switch OSRouting & Switchingcumulus_linux, onyx, mlnx-os… | 12 | 0 | 8.2.2300MED | ||
| BlueField DPURouting & Switchingbluefield_1_firmware, bluefield_2_ga_firmware, bluefield_2_lts_firmware… | 0 | 1 | 32.38.1002LOW | ||
| ConnectX AdaptersRouting & Switchingconnectx_firmware, connectx-5, connectx-6… | 0 | 0 | 35.1012LOW |
02
Recent CVEs
6 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-33181(opens NVD record) | High | 7.3 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | Feb 24, 2026 |
| CVE-2025-33180(opens NVD record) | High | 8.0 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | Feb 24, 2026 |
| CVE-2025-33179(opens NVD record) | High | 8.0 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. | Feb 24, 2026 |
| CVE-2024-0113(opens NVD record) | High | 7.5 | NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. | Aug 12, 2024 |
| CVE-2024-0104(opens NVD record) | Medium | 4.2 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | Aug 8, 2024 |
| CVE-2024-0101(opens NVD record) | High | 7.5 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service. | Aug 8, 2024 |
6 CVEs · 3 product families