OpenHarmony — Vulnerabilities & Security Advisories (167)

Browse all 167 CVE security advisories affecting OpenHarmony. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenHarmony is an open-source operating system designed for distributed scenarios across smart devices, IoT, and industrial applications. Its architecture emphasizes modularity and scalability, allowing developers to tailor the system for diverse hardware constraints. Historically, the project has faced 167 recorded Common Vulnerabilities and Exposures (CVEs), with recurring issues primarily involving buffer overflows, use-after-free errors, and improper input validation. These flaws often lead to remote code execution or privilege escalation, particularly within the device communication and permission management modules. While no single catastrophic incident has defined its history, the high volume of CVEs highlights challenges in maintaining rigorous security standards across its fragmented ecosystem. The project relies on community-driven patches and formal verification efforts to mitigate risks, though the complexity of its distributed nature continues to present significant attack surface challenges for security researchers and administrators alike.

Top products by OpenHarmony: OpenHarmony
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-27248 | ai_neural_network_runtime has a NULL pointer dereference vulnerability — OpenHarmony | CWE-476 | 3.3 | Low | 2025-05-06 |
| CVE-2025-22886 | distributeddatamgr_udmf has a memory leak vulnerability — OpenHarmony | CWE-401 | 3.3 | Low | 2025-05-06 |
| CVE-2025-27132 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 3.8 | Low | 2025-05-06 |
| CVE-2025-25218 | third_party_mksh has a NULL pointer dereference vulnerability — OpenHarmony | CWE-476 | 3.3 | Low | 2025-05-06 |
| CVE-2025-27534 | arkcompiler_ets_runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-04-07 |
| CVE-2025-25057 | third_party_NuttX has a memory leak vulnerability — OpenHarmony | CWE-401 | 3.3 | Low | 2025-04-07 |
| CVE-2025-24304 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 3.3 | Low | 2025-04-07 |
| CVE-2025-22851 | Liteos_A has an integer overflow vulnerability — OpenHarmony | CWE-190 | 6.5 | Medium | 2025-04-07 |
| CVE-2025-22842 | arkcompiler_ets_runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-04-07 |
| CVE-2025-22452 | arkcompiler_ets_runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-04-07 |
| CVE-2025-20102 | arkcompiler_ets_runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-04-07 |
| CVE-2025-24309 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 3.8 | Low | 2025-03-04 |
| CVE-2025-24301 | Arkcompiler Ets Runtime has an UAF vulnerability — OpenHarmony | CWE-416 | 3.8 | Low | 2025-03-04 |
| CVE-2025-23420 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 3.8 | Low | 2025-03-04 |
| CVE-2025-23418 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-03-04 |
| CVE-2025-23414 | Arkcompiler Ets Runtime has an UAF vulnerability — OpenHarmony | CWE-416 | 3.8 | Low | 2025-03-04 |
| CVE-2025-23409 | Communication Dsoftbus has an UAF vulnerability — OpenHarmony | CWE-416 | 3.8 | Low | 2025-03-04 |
| CVE-2025-23240 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 3.8 | Low | 2025-03-04 |
| CVE-2025-23234 | Arkcompiler Ets Runtime has a buffer overflow vulnerability — OpenHarmony | CWE-120 | 3.3 | Low | 2025-03-04 |
| CVE-2025-22897 | Arkcompiler Ets Runtime has a buffer overflow vulnerability — OpenHarmony | CWE-120 | 3.3 | Low | 2025-03-04 |
| CVE-2025-22847 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-03-04 |
| CVE-2025-22841 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-03-04 |
| CVE-2025-22837 | Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability — OpenHarmony | CWE-476 | 3.3 | Low | 2025-03-04 |
| CVE-2025-22835 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 3.8 | Low | 2025-03-04 |
| CVE-2025-22443 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-03-04 |
| CVE-2025-21098 | Liteos-A has an insecure storage of sensitive information vulnerability — OpenHarmony | CWE-922 | 5.5 | Medium | 2025-03-04 |
| CVE-2025-21097 | Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability — OpenHarmony | CWE-476 | 3.3 | Low | 2025-03-04 |
| CVE-2025-21089 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-03-04 |
| CVE-2025-21084 | Arkcompiler Ets Runtime has an NULL pointer dereference vulnerability — OpenHarmony | CWE-476 | 3.8 | Low | 2025-03-04 |
| CVE-2025-20626 | Arkcompiler Ets Runtime has an UAF vulnerability — OpenHarmony | CWE-416 | 3.8 | Low | 2025-03-04 |

This page lists every published CVE security advisory associated with OpenHarmony. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.