Windows 10 vulnerabilities: known CVEs & security history
Microsoft · Operating System · 2000 tracked CVEs · 11 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Windows 10 release lines — 2000 in total, with 11 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Windows 10's current status and the safe version to run.
Known Windows 10 CVEs
Actively-exploited and most-severe first. Showing the top 80 of 2000. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2016-4171⚡ exploited | critical | 9.8 | 20% | 2016 |
| CVE-2016-1019⚡ exploited | critical | 9.8 | 22% | 2016 |
| CVE-2017-11292⚡ exploited | high | 8.8 | 12% | 2017 |
| CVE-2016-7892⚡ exploited | high | 8.8 | 19% | 2016 |
| CVE-2016-7855⚡ exploited | high | 8.8 | 25% | 2016 |
| CVE-2016-1010⚡ exploited | high | 8.8 | 20% | 2016 |
| CVE-2015-2426⚡ exploited | high | 8.8 | 87% | 2015 |
| CVE-2018-15982⚡ exploited | high | 7.8 | 82% | 2019 |
| CVE-2018-5002⚡ exploited | high | 7.8 | 25% | 2018 |
| CVE-2018-4878⚡ exploited | high | 7.8 | 90% | 2018 |
| CVE-2015-1769⚡ exploited | medium | 6.6 | 4% | 2015 |
| CVE-2019-1365 | critical | 9.9 | 4% | 2019 |
| CVE-2019-8070 | critical | 9.8 | 6% | 2019 |
| CVE-2019-8069 | critical | 9.8 | 5% | 2019 |
| CVE-2019-1226 | critical | 9.8 | 8% | 2019 |
| CVE-2019-1222 | critical | 9.8 | 8% | 2019 |
| CVE-2019-1212 | critical | 9.8 | 7% | 2019 |
| CVE-2019-1182 | critical | 9.8 | 13% | 2019 |
| CVE-2019-1181 | critical | 9.8 | 75% | 2019 |
| CVE-2019-0736 | critical | 9.8 | 4% | 2019 |
| CVE-2019-7096 | critical | 9.8 | 6% | 2019 |
| CVE-2019-0786 | critical | 9.8 | 7% | 2019 |
| CVE-2019-0726 | critical | 9.8 | 54% | 2019 |
| CVE-2019-0698 | critical | 9.8 | 63% | 2019 |
| CVE-2019-0697 | critical | 9.8 | 30% | 2019 |
| CVE-2019-0626 | critical | 9.8 | 68% | 2019 |
| CVE-2019-0547 | critical | 9.8 | 71% | 2019 |
| CVE-2018-8626 | critical | 9.8 | 21% | 2018 |
| CVE-2018-8540 | critical | 9.8 | 22% | 2018 |
| CVE-2018-15981 | critical | 9.8 | 12% | 2018 |
| CVE-2018-8421 | critical | 9.8 | 29% | 2018 |
| CVE-2018-12828 | critical | 9.8 | 7% | 2018 |
| CVE-2018-12825 | critical | 9.8 | 7% | 2018 |
| CVE-2018-4944 | critical | 9.8 | 9% | 2018 |
| CVE-2018-4877 | critical | 9.8 | 9% | 2018 |
| CVE-2017-11899 | critical | 9.8 | 6% | 2017 |
| CVE-2017-3114 | critical | 9.8 | 6% | 2017 |
| CVE-2017-3112 | critical | 9.8 | 6% | 2017 |
| CVE-2017-11225 | critical | 9.8 | 6% | 2017 |
| CVE-2017-11215 | critical | 9.8 | 6% | 2017 |
| CVE-2017-11213 | critical | 9.8 | 7% | 2017 |
| CVE-2017-11282 | critical | 9.8 | 35% | 2017 |
| CVE-2017-11281 | critical | 9.8 | 34% | 2017 |
| CVE-2017-11771 | critical | 9.8 | 64% | 2017 |
| CVE-2017-8589 | critical | 9.8 | 26% | 2017 |
| CVE-2016-0959 | critical | 9.8 | 5% | 2017 |
| CVE-2017-3082 | critical | 9.8 | 12% | 2017 |
| CVE-2017-3081 | critical | 9.8 | 14% | 2017 |
| CVE-2017-3079 | critical | 9.8 | 7% | 2017 |
| CVE-2017-3078 | critical | 9.8 | 31% | 2017 |
| CVE-2017-3077 | critical | 9.8 | 22% | 2017 |
| CVE-2017-3076 | critical | 9.8 | 25% | 2017 |
| CVE-2017-3075 | critical | 9.8 | 9% | 2017 |
| CVE-2017-3063 | critical | 9.8 | 9% | 2017 |
| CVE-2017-3062 | critical | 9.8 | 10% | 2017 |
| CVE-2017-3061 | critical | 9.8 | 25% | 2017 |
| CVE-2017-3060 | critical | 9.8 | 8% | 2017 |
| CVE-2017-3059 | critical | 9.8 | 10% | 2017 |
| CVE-2016-7182 | critical | 9.8 | 30% | 2016 |
| CVE-2016-4163 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4162 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4161 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4160 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4138 | critical | 9.8 | 25% | 2016 |
| CVE-2016-4121 | critical | 9.8 | 10% | 2016 |
| CVE-2016-4120 | critical | 9.8 | 6% | 2016 |
| CVE-2016-3236 | critical | 9.8 | 78% | 2016 |
| CVE-2016-0088 | critical | 9.3 | 8% | 2016 |
| CVE-2016-3312 | critical | 9.1 | 10% | 2016 |
| CVE-2019-0938 | critical | 9 | 3% | 2019 |
| CVE-2017-0021 | critical | 9 | 2% | 2017 |
| CVE-2015-6108 | high | 9.3 | 26% | 2015 |
| CVE-2015-6107 | high | 9.3 | 18% | 2015 |
| CVE-2015-6104 | high | 9.3 | 35% | 2015 |
| CVE-2015-6103 | high | 9.3 | 35% | 2015 |
| CVE-2015-2515 | high | 9.3 | 29% | 2015 |
| CVE-2015-2530 | high | 9.3 | 16% | 2015 |
| CVE-2015-2519 | high | 9.3 | 14% | 2015 |
| CVE-2015-2514 | high | 9.3 | 15% | 2015 |
| CVE-2015-2513 | high | 9.3 | 19% | 2015 |
1920 older / lower-severity CVEs not shown — see Windows 10's full record.
Is my Windows 10 version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Windows 10 version → · Monitor Windows 10 for new CVEs →
Windows 10 vulnerabilities — frequently asked
How many known vulnerabilities does Windows 10 have?
IsItPatched tracks 2000 CVEs for Windows 10, 11 of which are actively exploited (CISA KEV). 62 are critical-severity and 1323 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Windows 10 have any actively-exploited vulnerabilities?
Yes — 11 Windows 10 CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (3 linked to ransomware). Patch these as a priority.
What is the most severe Windows 10 vulnerability?
Among tracked issues, CVE-2016-4171 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest.
Is Windows 10 safe to use?
It depends on the version. The latest supported Windows 10 release (10.0.28000) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Windows 10 security status · Windows 10 end-of-life · actively-exploited CVEs. Always verify against Microsoft's advisories — see our disclaimer.