Known Vulnerabilities for Hermes by Facebook
Listed below are 10 of the newest known vulnerabilities associated with "Hermes" by "Facebook".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-7397 json | A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of th... | Not Provided | 2026-04-29 | 2026-04-29 |
| CVE-2026-7396 json | A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of th... | Not Provided | 2026-04-29 | 2026-04-29 |
| CVE-2026-7113 json | A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the fil... | Not Provided | 2026-04-27 | 2026-04-27 |
| CVE-2026-7112 json | A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth... | Not Provided | 2026-04-27 | 2026-04-27 |
| CVE-2026-6832 json | Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated ... | Not Provided | 2026-04-21 | 2026-04-22 |
| CVE-2026-6830 json | nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environme... | Not Provided | 2026-04-21 | 2026-04-22 |
| CVE-2026-6829 json | nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a ... | Not Provided | 2026-04-21 | 2026-04-22 |
| CVE-2023-30470 json | A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to c... | 9.8 - CRITICAL | 2023-05-18 | 2023-11-07 |
| CVE-2023-28081 json | A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-... | 9.8 - CRITICAL | 2023-05-18 | 2023-11-07 |
| CVE-2023-25933 json | A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicio... | 9.8 - CRITICAL | 2023-05-18 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hermes | 2020-10-01 | ||||
| Application | Hermes | 2020-09-25 | ||||
| Application | Hermes | 0.7.2 | ||||
| Application | Hermes | 0.7.1 | ||||
| Application | Hermes | 0.7.0 | ||||
| Application | Hermes | 0.6.0 | ||||
| Application | Hermes | 0.5.3 | ||||
| Application | Hermes | 0.5.2 | ||||
| Application | Hermes | 0.5.1 | ||||
| Application | Hermes | 0.5.0 | ||||
| Application | Hermes | 0.4.4 | ||||
| Application | Hermes | 0.4.3 | ||||
| Application | Hermes | 0.4.1 | ||||
| Application | Hermes | 0.4.0 | ||||
| Application | Hermes | 0.3.0 | ||||
| Application | Hermes | 0.2.1 | ||||
| Application | Hermes | 0.1.1 | ||||
| Application | Hermes | 0.1.0 | ||||
| Application | Hermes | 0.0.3 | ||||
| Application | Hermes | 0.0.2 |