Browse all 5 CVE security advisories affecting pion. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pion is a Go library primarily used for building WebRTC and peer-to-peer communication applications. Historically, it has been susceptible to multiple remote code execution vulnerabilities due to improper input validation in its ICE, DTLS, and SRTP implementations. Cross-site scripting flaws have also been prevalent in its HTML/JavaScript components. The library has faced privilege escalation issues through insecure channel bindings and authentication bypasses in its connection establishment process. While no major public incidents have been documented, its five CVEs highlight consistent risks in handling untrusted data and cryptographic operations, particularly affecting applications that process media streams or establish direct connections between clients.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49140 | Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) (package: interceptor; CWE-770) | 7.5 | High | 2025-06-09 |
This page lists every published CVE security advisory associated with pion. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.