winget packages with open CVEs

2,250 mapped packages currently have at least one open vulnerability. Ranked by critical CVEs published in the last 30 days, then total open CVEs, then install popularity. Updated 5/4/2026, 6:36:27 PM.

Microsoft Windows Desktop Runtime - 8.0.25 (arm64)
Microsoft Corporation · v8.0.25
80
open
Microsoft Windows Desktop Runtime - 8.0.25 (x86)
Microsoft Corporation · v8.0.25
80
open
Microsoft .NET Runtime 7.0
Microsoft Corporation · v7.0.20
80
open
Microsoft .NET SDK 5.0
Microsoft Corporation · v5.0.408
80
open
Microsoft .NET Windows Desktop Runtime 7.0
Microsoft Corporation · v7.0.20
80
open
Microsoft .NET SDK 11.0 Preview
Microsoft Corporation · v11.0.100-preview.3.26207.106
80
open
Microsoft .NET SDK 7.0
Microsoft Corporation · v7.0.410
80
open
Microsoft .NET Runtime 6.0
Microsoft Corporation · v6.0.36
80
open
Microsoft .NET Windows Desktop Runtime 10.0
Microsoft Corporation · v10.0.7
80
open
Microsoft .NET Runtime 5.0
Microsoft Corporation · v5.0.17
80
open
Microsoft .NET Windows Desktop Runtime 9.0
Microsoft Corporation · v9.0.15
80
open
Microsoft .NET Windows Desktop Runtime 5.0
Microsoft Corporation · v5.0.17
80
open
Microsoft Windows Desktop Runtime - 8.0.25 (x64)
Microsoft Corporation · v8.0.25
80
open
Microsoft .NET SDK 10.0
Microsoft Corporation · v10.0.203
80
open
Microsoft .NET SDK 8.0
Microsoft Corporation · v8.0.420
80
open
Microsoft .NET Runtime 10.0
Microsoft Corporation · v10.0.7
80
open
Microsoft .NET Windows Desktop Runtime 11.0 Preview
Microsoft Corporation · v11.0.0-preview.3.26207.106
80
open
Node.js 8
Node.js Foundation · v8.11.3
75
open
Node.js 23
Node.js Foundation · v23.11.0
75
open
Node.js 10
Node.js Foundation · v10.24.1
75
open
Node.js 20
Node.js Foundation · v20.20.2
75
open
Node.js (LTS)
Node.js Foundation · v24.15.0
75
open
Node.js 15
Node.js Foundation · v15.14.0
75
open
Node.js 4
Node.js Foundation · v4.8.7
75
open