Browse all 4 CVE security advisories affecting R-Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
R-Project is an open-source environment for statistical computing and graphics, widely used in data analysis and research. Historically, it has been susceptible to remote code execution vulnerabilities through insecure package installations and cross-site scripting flaws in web interfaces. Privilege escalation issues have also been documented in certain configurations. While no major security incidents have been widely reported, the project maintains four CVE records, primarily related to input validation weaknesses in its core components and contributed packages. Security remains a focus area as the project evolves to handle increasingly complex data workflows and integrations with other systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-25695 | R 3.4.4 Local Buffer Overflow Windows XP SP3 — RCWE-787 | 8.4 | High | 2026-04-12 |
| CVE-2018-25258 | RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass — RGuiCWE-434 | 8.4 | High | 2026-04-12 |
| CVE-2019-25656 | R i386 3.5.0 Local Buffer Overflow SEH — R i386CWE-787 | 8.4 | High | 2026-04-05 |
| CVE-2019-25485 | R 3.4.4 Windows x64 Buffer Overflow SEH DEP ASLR Bypass — RCWE-787 | 6.2 | Medium | 2026-03-11 |
This page lists every published CVE security advisory associated with R-Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.