Loading...
Loading...
Amazon Web Services (Security Bulletins)
Generated Jul 6, 2026Cohort: 9 vendors with ≥10 CVE advisoriesMethodology ↗
Total all-time: 93 CVEs with AWS Security Bulletins advisories. Source: NVD CVE records joined with vendor advisory publish dates.
65.6% of AWS Security Bulletins's 93 CVEs are CRITICAL or HIGH severity. Industry median: 42.7%. Source: NVD CVSS v3.1.
2 of 93 AWS Security Bulletins CVEs in the last 3 years are on CISA's Known Exploited Vulnerabilities catalog (2.1%). Industry median: 1.1%.
Source: CISA Known Exploited Vulnerabilities catalog (current snapshot). KEV listing means CISA observed active in-the-wild exploitation.
Median time from CVE disclosure to AWS Security Bulletins advisory: <1 day (p25 <1 day – p75 8 days). Industry median: 30 days.
Sample size: 50 CVE→advisory pairs over the last 3 years. Source: vendor advisory published_at minus CVE published.
Most-frequently mapped CWEs across AWS Security Bulletins's last 3 years of CVE disclosures. Source: NVD — CWE mapping per MITRE taxonomy.
Latest advisories published by AWS Security Bulletins, straight from the vendor's own feed. Severity labels are the vendor's — scales differ across vendors.
CVE-2026-14265- Deserialization of Untrusted Data in AWS Advanced JDBC Wrapper RemoteQueryCachePlugin
CVE-2026-13760 - OS Command Injection in NodejsFunction Docker Bundling in aws-cdk-lib
CVE-2026-13769 – Insecure file permissions in AWS CLI
CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF
CVE-2026-12957 and CVE-2026-12958 - Issues in Language Servers for AWS and Amazon Q Developer Plugins
Issue with containerd CRI Plugin - CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47262
CVE-2026-12530 - Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()
CVE-2026-11931 - Insecure Permissions on Authentication Token Cache File in Kiro IDE
Full advisory archive: /pulse/vendor-advisories →
Snapshot generated Jul 6, 2026. Industry medians refresh every 6 hours; raw vendor counts are queried live on each request.
Spot a factual error in this report?
Email [email protected] with the specific number you're disputing and a link to the authoritative source. We review every report and publish corrections on the methodology page.