radareorg — Vulnerabilities & Security Advisories (53)

Browse all 53 CVE security advisories affecting radareorg. AI-powered Chinese analysis, POCs, and references for each vulnerability.

radareorg operates as a provider of reverse engineering frameworks and security analysis tools, primarily serving developers and security researchers who require low-level binary inspection capabilities. Historical vulnerability assessments indicate a pattern of common web application flaws, with Remote Code Execution (RCE) and Cross-Site Scripting (XSS) representing the most frequent attack vectors. These issues often stem from insufficient input validation within the platform’s administrative interfaces or web-based management consoles. While the core binary analysis engine remains relatively stable, the associated web components have historically exhibited privilege escalation risks, allowing unauthorized users to gain elevated access. Security audits reveal that many of the recorded Common Vulnerabilities and Exposures (CVEs) relate to outdated dependencies or misconfigured access controls rather than fundamental architectural defects. Consequently, maintaining strict patch management and enforcing robust authentication mechanisms are critical for mitigating the identified risks associated with this software ecosystem.

Top products by radareorg: radareorg/radare2, radare2

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6942 | radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass | radare2 | CWE-78 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6941 | radare2 < 6.1.4 Project Notes Path Traversal via Symlink | radare2 | CWE-59 | 6.6 | Medium | 2026-04-23 |
| CVE-2026-6940 | radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion | radare2 | CWE-22 | 7.1 | High | 2026-04-23 |
| CVE-2026-40517 | radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names | radare2 | CWE-78 | 7.8 | High | 2026-04-22 |
| CVE-2026-40527 | radare2 Command Injection via DWARF Parameter Names | radare2 | CWE-78 | 7.8 | High | 2026-04-17 |
| CVE-2026-40499 | radare2 < 6.1.4 Command Injection via PDB Parser print_gvars() | radare2 | CWE-78 | 7.8 | - | 2026-04-15 |
| CVE-2025-1864 | Buffer Overflow and Potential Code Execution in Radare2 | radare2 | CWE-119 | 7.8 | - | 2025-03-03 |
| CVE-2025-1744 | Out-of-bounds Write in radare2 | radare2 | CWE-787 | 7.8 | - | 2025-02-28 |
| CVE-2023-5686 | Heap-based Buffer Overflow in radareorg/radare2 | radareorg/radare2 | CWE-122 | 7.8 | - | 2023-10-20 |
| CVE-2023-4322 | Heap-based Buffer Overflow in radareorg/radare2 | radareorg/radare2 | CWE-122 | 7.8 | - | 2023-08-14 |
| CVE-2023-1605 | Denial of Service in radareorg/radare2 | radareorg/radare2 | CWE-400 | 6.2 | - | 2023-03-23 |
| CVE-2023-0302 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in radareorg/radare2 | radareorg/radare2 | CWE-75 | 7.8 | - | 2023-01-15 |
| CVE-2022-4843 | NULL Pointer Dereference in radareorg/radare2 | radareorg/radare2 | CWE-476 | 5.5 | - | 2022-12-29 |
| CVE-2022-4398 | Integer Overflow or Wraparound in radareorg/radare2 | radareorg/radare2 | CWE-190 | 5.5 | - | 2022-12-10 |
| CVE-2022-1899 | Out-of-bounds Read in radareorg/radare2 | radareorg/radare2 | CWE-125 | 7.7 | - | 2022-05-26 |
| CVE-2022-1809 | Access of Uninitialized Pointer in radareorg/radare2 | radareorg/radare2 | CWE-824 | 7.1 | - | 2022-05-21 |
| CVE-2022-1714 | Out-of-bounds Read in radareorg/radare2 | radareorg/radare2 | CWE-125 | 7.1 | - | 2022-05-13 |
| CVE-2022-1649 | Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in radareorg/radare2 | radareorg/radare2 | CWE-476 | 7.1 | - | 2022-05-10 |
| CVE-2022-1451 | Out-of-bounds Read in r_bin_java_constant_value_attr_new function in radareorg/radare2 | radareorg/radare2 | CWE-788 | 7.1 | - | 2022-04-24 |
| CVE-2022-1452 | Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in radareorg/radare2 | radareorg/radare2 | CWE-125 | 7.1 | - | 2022-04-24 |
| CVE-2022-1444 | heap-use-after-free in radareorg/radare2 | radareorg/radare2 | CWE-416 | 5.5 | - | 2022-04-23 |
| CVE-2022-1437 | Heap-based Buffer Overflow in radareorg/radare2 | radareorg/radare2 | CWE-122 | 7.1 | - | 2022-04-22 |
| CVE-2022-1383 | Heap-based Buffer Overflow in radareorg/radare2 | radareorg/radare2 | CWE-122 | 7.1 | - | 2022-04-17 |
| CVE-2022-1382 | NULL Pointer Dereference in radareorg/radare2 | radareorg/radare2 | CWE-476 | 5.5 | - | 2022-04-16 |
| CVE-2022-1297 | Out-of-bounds Read in r_bin_ne_get_entrypoints function in radareorg/radare2 | radareorg/radare2 | CWE-125 | 9.1 | - | 2022-04-11 |
| CVE-2022-1296 | Out-of-bounds read in `r_bin_ne_get_relocs` function in radareorg/radare2 | radareorg/radare2 | CWE-125 | 8.1 | - | 2022-04-11 |
| CVE-2022-1284 | heap-use-after-free in radareorg/radare2 | radareorg/radare2 | CWE-416 | 5.5 | - | 2022-04-08 |
| CVE-2022-1283 | NULL Pointer Dereference in r_bin_ne_get_entrypoints function in radareorg/radare2 | radareorg/radare2 | CWE-476 | 5.5 | - | 2022-04-08 |
| CVE-2022-1240 | Heap buffer overflow in libr/bin/format/mach0/mach0.c in radareorg/radare2 | radareorg/radare2 | CWE-122 | 7.8 | - | 2022-04-06 |
| CVE-2022-1237 | Improper Validation of Array Index in radareorg/radare2 | radareorg/radare2 | CWE-129 | 7.8 | - | 2022-04-06 |

This page lists every published CVE security advisory associated with radareorg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.