Known Vulnerabilities for products from Ocaml
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Ocaml".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45390 json | Not Provided | 2026-06-15 | 2026-06-16 | |
| CVE-2026-45389 json | Not Provided | 2026-06-15 | 2026-06-17 | |
| CVE-2026-45388 json | Not Provided | 2026-06-15 | 2026-06-16 | |
| CVE-2026-41082 json | In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | Not Provided | 2026-04-16 | 2026-07-08 |
| CVE-2026-34353 json | In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrust... | Not Provided | 2026-03-27 | 2026-04-14 |
| CVE-2026-28364 json | In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote ... | Not Provided | 2026-02-27 | 2026-06-30 |
| CVE-2018-9838 json | The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which,... | 9.8 - CRITICAL | 2018-04-06 | 2020-07-27 |
| CVE-2017-9779 json | OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with mu... | 7.8 - HIGH | 2017-09-07 | 2019-10-03 |
| CVE-2017-9772 json | Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised pr... | 9.8 - CRITICAL | 2017-06-23 | 2019-10-03 |
| CVE-2015-8869 json | OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attack... | Not Provided | 2016-06-13 | 2026-05-06 |
| CVE-2009-2943 json | The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn fu... | Not Provided | 2009-10-22 | 2026-04-23 |
Known software with vulnerabilities from Ocaml
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ocaml | Ocaml | 4.02.3 |