Every CVE whose affected-product data names Facebook Proxygen, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2020-1897 — CVSS 9.8 (critical): A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error…
CVE-2019-11921 — CVSS 9.8 (critical): An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64…
CVE-2019-11940 — CVSS 9.8 (critical): In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the…
CVE-2018-6343 — CVSS 7.5 (high): Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when…
CVE-2021-24029 — CVSS 7.5 (high): A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed…
CVE-2025-55181 — CVSS 5.3 (medium): Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which…