Every CVE whose affected-product data names Riot-os Riot, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2026-22213 — CVSS 9.8 (critical): RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The…
CVE-2023-24823 — CVSS 9.8 (critical): RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2021-27697 — CVSS 9.8 (critical): RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the…
CVE-2025-66647 — CVSS 9.8 (critical): RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other…
CVE-2021-27698 — CVSS 9.8 (critical): RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the…
CVE-2026-22214 — CVSS 9.8 (critical): RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to…
CVE-2020-15350 — CVSS 9.8 (critical): RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function…
CVE-2021-27357 — CVSS 9.8 (critical): RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.
CVE-2023-33975 — CVSS 9.8 (critical): RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In…
CVE-2024-32017 — CVSS 9.8 (critical): RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit…
CVE-2023-24819 — CVSS 9.8 (critical): RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2019-1000006 — CVSS 9.8 (critical): RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an…
CVE-2025-53888 — CVSS 9.8 (critical): RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead…
CVE-2026-25139 — CVSS 9.1 (critical): RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other…
CVE-2024-32018 — CVSS 8.8 (high): RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit…
CVE-2024-31225 — CVSS 8.3 (high): RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit…
CVE-2023-33973 — CVSS 7.5 (high): RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In…
CVE-2023-33974 — CVSS 7.5 (high): RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In…
CVE-2024-52802 — CVSS 7.5 (high): RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in…
CVE-2024-53980 — CVSS 7.5 (high): RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other…
CVE-2025-66646 — CVSS 7.5 (high): RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other…
CVE-2026-27703 — CVSS 7.5 (high): RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other…
CVE-2019-15134 — CVSS 7.5 (high): RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for…
CVE-2019-15702 — CVSS 7.5 (high): In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a…
CVE-2019-16754 — CVSS 7.5 (high): RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a…
CVE-2019-17389 — CVSS 7.5 (high): In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive…
CVE-2021-31660 — CVSS 7.5 (high): RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain…
CVE-2021-31661 — CVSS 7.5 (high): RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain…
CVE-2021-31662 — CVSS 7.5 (high): RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain…
CVE-2021-31663 — CVSS 7.5 (high): RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain…
CVE-2021-31664 — CVSS 7.5 (high): RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain…
CVE-2023-24817 — CVSS 7.5 (high): RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2023-24818 — CVSS 7.5 (high): RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2023-24820 — CVSS 7.5 (high): RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2023-24821 — CVSS 7.5 (high): RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2023-24822 — CVSS 7.5 (high): RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2023-24825 — CVSS 7.5 (high): RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2021-27427 — CVSS 7.3 (high): RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory…
CVE-2023-24826 — CVSS 5.9 (medium): RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames…
CVE-2021-41061 — CVSS 5.5 (medium): In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by…