VYPR
Vendor

Uriparser

Products
1
CVEs
12
Across products
12
Status
Private

Products

1

Recent CVEs

12
  • CVE-2026-42371MedApr 27, 2026
    risk 0.26cvss 5.1epss 0.00

    uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.

  • CVE-2025-67899LowDec 14, 2025
    risk 0.19cvss 2.9epss 0.00

    uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

  • CVE-2026-44928LowMay 8, 2026
    risk 0.12cvss 2.9epss 0.00

    In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.

  • CVE-2026-44927LowMay 8, 2026
    risk 0.12cvss 2.9epss 0.00

    In uriparser before 1.0.2, there is pointer difference truncation to int in various places.

  • CVE-2024-34402May 3, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

  • CVE-2024-34403May 3, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

  • CVE-2021-46141Jan 6, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

  • CVE-2021-46142Jan 6, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

  • CVE-2018-20721Jan 16, 2019
    risk 0.00cvss epss 0.02

    URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.

  • CVE-2018-19198Nov 12, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.

  • CVE-2018-19199Nov 12, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

  • CVE-2018-19200Nov 12, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

VYPR — Vulnerability Intelligence