28 matches found
CVE-2019-25695
A flaw was found in R. This local buffer overflow vulnerability allows a local attacker to execute arbitrary code. By injecting malicious input into the GUI Preferences language field, an attacker can trigger the overflow, leading to the execution of arbitrary commands...
RSEC-2026-1 Risk of Buffer Overflow Vulnerability when installed from source on Windows R < 4.2
Installing the png package from source on Windows could download and install an older version of libpng that has known vulnerabilities. On Windows R versions < 4.2, building the png package will download an archived libpng 1.5.4 from 2011. Note that on R versions 4.2 or newer, libpng is bundled in...
Identifier withdrawn
"ring" (Brian Smith). "ring". "The R Foundation" "R" (The R Foundation). "R". "Supabase Auth" (Supabase). "Auth". CVE. ...
Security update for git
This update for git fixes the following issues: Update to 2.51.0. UI, Workflows & Features: Userdiff patterns for the R language have been added. Documentation for "git send-email" has been updated with a bit more credential helper and OAuth information. "git cat-file --batch" learns to understand...
Linux Distros Unpatched Vulnerability : CVE-2025-54956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...
Civil Servants As Builders: Enabling Non-IT Staff to Develop Secure Python and R Tools
Current digital government literature focuses on professional in-house IT teams, specialized digital service teams, vendor-developed systems, or proprietary low-code/no-code tools. Almost no scholarship addresses a growing middle ground: technically skilled civil servants outside formal IT roles...
"Vcd2df" -- Leveraging Data Science Insights for Hardware Security Research
In this work, we hope to expand the universe of security practitioners of open-source hardware by creating a bridge from hardware design languages (HDLs) to data science languages like Python and R through novel libraries that convert VCD (value change dump) files into data frames, the expected input...
AZL-53471 CVE-2024-52338 affecting package libarrow for versions less than 15.0.0-7
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
R Language Vulnerable to Arbitrary Code Execution via Malicious RDS Files (v1.4.0–<4.4.0)
...
Important: R
Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system...
SUSE CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system when interacted...
[SECURITY] Fedora 39 Update: R-4.3.3-2.fc39
This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide varie...
DEBIAN-CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...
AZL-42792 CVE-2024-27322 affecting package R for versions less than 4.4.1-1
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...
UBUNTU-CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...
CVE-2024-27322
CVE-2024-27322 describes a deserialization vulnerability in R (1.4.0 through versions prior to 4.4.0) that can allow arbitrary code execution when a malicious RDS file or R package is opened or interacted with. Connected advisories consistently reference this issue across multiple platforms (Linu...
R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files
Overview: A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS (R Data Serialization) format files and .rdx files. An attacker can create malicious RDS...
CVE-2020-27637
The CVE-2020-27637 entry concerns the R language’s default package manager CRAN, affected by a path traversal vulnerability that can lead to server compromise. Affected are packages installed via the R CMD install CLI or install.packages(), with the underlying issue described as a path traversal ...
PT-2021-11413 · R · R
Name of the Vulnerable Software and Affected Versions: R versions prior to 4.0.3. Description: The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD...