Browse all 3 CVE security advisories affecting ClamAV. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ClamAV serves as an open-source antivirus engine primarily used for malware detection in email gateways and file systems. Historically, vulnerabilities have included remote code execution flaws in parsing engines, cross-site scripting in web interfaces, and privilege escalation through improper access controls. The project maintains a security-focused approach with regular updates, though past incidents involved buffer overflows in decompression routines and integer overflows in signature processing. With three current CVEs, ongoing maintenance addresses potential risks in its signature handling and scanning components, ensuring reliability for security-conscious deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-37167 | ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error — ClamBC | 8.4 | High | 2026-02-12 |
| CVE-2019-15961 | Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability — ClamAVCWE-20 | 7.5 | High | 2020-01-15 |
| CVE-2007-6745 | ClamAV 安全漏洞 — clamav | 9.8 | - | 2019-11-07 |
This page lists every published CVE security advisory associated with ClamAV. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.