Browse all 24 CVE security advisories affecting Avast. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AVAST operates primarily as a provider of consumer cybersecurity software, offering antivirus protection, network security tools, and privacy utilities to millions of users globally. Its extensive software portfolio, which includes desktop applications and browser extensions, has historically been susceptible to a variety of vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These weaknesses often stem from complex codebases and third-party dependencies within its endpoint protection agents. Notable security incidents include the 2020 data breach where user data from its subsidiary, Jumpshot, was exposed, raising significant privacy concerns. With 24 recorded CVEs, the company faces ongoing challenges in maintaining robust security hygiene across its diverse product ecosystem, requiring continuous patching and rigorous code audits to mitigate risks associated with its widespread deployment in consumer environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-37037 | AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path — AVAST SecureLineCWE-428 | 7.8 | High | 2026-02-01 |
This page lists every published CVE security advisory associated with Avast. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.