oracle CVE Vulnerabilities & Metrics

About oracle Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with oracle. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total oracle CVEs: 6833
Earliest CVE date: 06 Feb 1997, 05:00 UTC
Latest CVE date: 06 May 2026, 10:16 UTC

Latest CVE reference: CVE-2026-35255

Rolling Stats

30-day Count (Rolling): 106
365-day Count (Rolling): 326

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 8.67%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 8.67%

Critical oracle CVEs (CVSS ≥ 9) Over 20 Years

Range	Count
0.0-3.9	2478
4.0-6.9	6234
7.0-8.9	827
9.0-10.0	607

Top 5 Highest CVSS oracle CVEs

These are the five CVEs with the highest CVSS scores for oracle, sorted by severity first and recency.

CVE-2022-1292 oracle Published on 03 May 2022, 16:15 UTC (CVSS: 10.0)
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL reh...
CVE-2022-23221 oracle Published on 19 Jan 2022, 17:15 UTC (CVSS: 10.0)
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
CVE-2021-42392 oracle Published on 10 Jan 2022, 14:10 UTC (CVSS: 10.0)
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
CVE-2021-2394 oracle Published on 21 Jul 2021, 15:15 UTC (CVSS: 10.0)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in tak...
CVE-2020-14343 oracle Published on 09 Feb 2021, 21:15 UTC (CVSS: 10.0)
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abus...

oracle CVE Vulnerabilities & Metrics

About oracle Security Exposure

Global CVE Overview

Rolling Stats

Variations & Growth

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical oracle CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

CVSS Range vs. Count

CVSS Distribution Chart

Top 5 Highest CVSS oracle CVEs