Known Vulnerabilities for Hermes by Facebook

Listed below are 9 of the newest known vulnerabilities associated with "Hermes" by "Facebook".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-24045 A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.1... 9.8 - CRITICAL 2021-12-13 2021-12-15
CVE-2021-24044 By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions... 9.8 - CRITICAL 2022-01-15 2022-01-24
CVE-2021-24037 A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e a... 9.8 - CRITICAL 2021-06-15 2021-06-23
CVE-2020-1915 An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fc... 7.5 - HIGH 2020-10-26 2020-11-02
CVE-2020-1914 A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8... 9.8 - CRITICAL 2020-10-08 2023-11-07
CVE-2020-1913 An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e47... 8.1 - HIGH 2020-09-09 2020-09-15
CVE-2020-1912 An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior t... 8.1 - HIGH 2020-09-09 2023-11-07
CVE-2020-1911 A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Fac... 9.8 - CRITICAL 2020-09-04 2020-09-11
CVE-2020-1896 A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (h... 9.8 - CRITICAL 2021-02-02 2021-03-26

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationFacebookHermes2020-10-01AllAllAll
ApplicationFacebookHermes2020-09-25AllAllAll
ApplicationFacebookHermes0.7.2AllAllAll
ApplicationFacebookHermes0.7.1AllAllAll
ApplicationFacebookHermes0.7.0AllAllAll
ApplicationFacebookHermes0.6.0AllAllAll
ApplicationFacebookHermes0.5.3AllAllAll
ApplicationFacebookHermes0.5.2rc1AllAll
ApplicationFacebookHermes0.5.1AllAllAll
ApplicationFacebookHermes0.5.0AllAllAll
ApplicationFacebookHermes0.4.4AllAllAll
ApplicationFacebookHermes0.4.3AllAllAll
ApplicationFacebookHermes0.4.1AllAllAll
ApplicationFacebookHermes0.4.0AllAllAll
ApplicationFacebookHermes0.3.0AllAllAll
ApplicationFacebookHermes0.2.1AllAllAll
ApplicationFacebookHermes0.1.1AllAllAll
ApplicationFacebookHermes0.1.0AllAllAll
ApplicationFacebookHermes0.0.3AllAllAll
ApplicationFacebookHermes0.0.2AllAllAll
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report