Vulnerabilities

RC4 is especially vulnerable when the beginning of the output key-stream is not discarded, but RC4-dropN, being N a multiple of 256 is a improvement to solve this issue.
It is also vulnerable when non-random or related keys are used, because it can lead to very insecure system, such as WEP.
Erik Tews, Ralf-Philipp Weinmann, and Andrei Pychkine created a tool called aircrack-ptw, which cracks 104-bit RC4 used in 128-bit WEP in less than a minute.

The aircrack-ptw attack
“The aircrack team were able to extend Klein’s attack and optimize it for usage against WEP. Using this version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.”

The best such attack is due to Itsik Mantin and Adi Shamir who showed that the second output byte of the cipher was biased toward zero with probability 1/128 (instead of 1/256). This is due to the fact that if the third byte of the original state is zero, and the second byte is not equal to 2, then the second output byte is always zero. Such bias can be detected by observing 256 bytes.