nginx 1.5

Status EOLSupport 2013-05 – 2014-04Latest 1.5.13Vulnerabilities 23← All nginx versions
Critical 9.8 Unfixed
2016-02-15≤ 1.5.13

nginx: use-after-free during CNAME response processing in resolver

CVE
Critical 9.8 Unfixed
2021-06-06≤ 1.5.13

nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years

CVE
High 8.2 Unfixed
2026-03-24≤ 1.5.13

NGINX ngx_http_dav_module vulnerability

CVE
High 7.8 Unfixed
2026-03-24≤ 1.5.13

NGINX ngx_http_mp4_module vulnerability

CVE
High 7.8 Unfixed
2026-03-24≤ 1.5.13

NGINX ngx_http_mp4_module vulnerability

CVE
High 7.7 Unfixed
2021-06-01≤ 1.5.13

nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name

CVE
High 7.5 Unfixed
2026-03-24≤ 1.5.13

NGINX ngx_mail_auth_http_module vulnerability

CVE
High 7.5
2013-11-23< 1.5.6

CVE
High 7.5
2014-03-28< 1.5.11

nginx: heap-based buffer overflow in SPDY implementation

CVE
High 7.5 Unfixed
2016-02-15≤ 1.5.13

nginx: invalid pointer dereference in resolver

CVE
High 7.5 Unfixed
2016-06-07≤ 1.5.13

nginx: NULL pointer dereference while writing client request body

CVE
High 7.5 Unfixed
2017-07-13≤ 1.5.13

nginx: Integer overflow in nginx range filter module leading to memory disclosure

CVE
High 7.4 Unfixed
2022-03-23≤ 1.5.13

ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication

CVE
High 7.1 Unfixed
2022-10-19≤ 1.5.13

NGINX ngx_http_mp4_module vulnerability CVE-2022-41742

CVE
Medium 6.8 Unfixed
2014-12-29≥ 1.5.6 and ≤ 1.5.13

nginx: SMTP STARTTLS plaintext injection flaw

CVE
Medium 6.1 Unfixed
2018-11-07≤ 1.5.13

nginx: Denial of service and memory disclosure via mp4 module

CVE
Medium 5.9 Unfixed
2026-02-04≤ 1.5.13

NGINX vulnerability

CVE
Medium 5.3 Unfixed
2016-02-15≤ 1.5.13

nginx: Insufficient limits of CNAME resolution in resolver

CVE
Medium 5.3 Unfixed
2020-01-09≤ 1.5.13

nginx: HTTP request smuggling in configurations with URL redirect used as error_page

CVE
Medium 4.7 Unfixed
2024-08-14≤ 1.5.13

NGINX MP4 module vulnerability

CVE
Medium 4.3 Unfixed
2014-12-08≤ 1.5.13

nginx: virtual host confusion

CVE
Low 3.7 Unfixed
2026-03-24≤ 1.5.13

NGINX ngx_mail_proxy_module vulnerability

CVE
Low 3.7 Unfixed
2025-08-13≤ 1.5.13

NGINX ngx_mail_smtp_module vulnerability

CVE