Aggregates CVE and security vulnerability intelligence across all openrobotics-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk buffer overflow and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-3753 | A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.09% | 2025-07-17 | 2025-08-26 |
| CVE-2024-41921 | A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. | [email protected] | 7.8 | 0.08% | 2025-07-17 | 2025-08-26 |
| CVE-2024-41148 | A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. | [email protected] | 7.8 | 0.08% | 2025-07-17 | 2025-08-26 |
| CVE-2024-39835 | A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized parameter values within the substitution args mechanism, which roslaunch evaluates before launching a node. This flaw allows attackers to craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.10% | 2025-07-17 | 2025-08-26 |
| CVE-2024-39289 | A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code. | [email protected] | 7.8 | 0.09% | 2025-07-17 | 2025-08-26 |
| CVE-2024-39780 | A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. | [email protected] | 7.8 | 1.10% | 2025-04-02 | 2025-08-26 |
| CVE-2024-44856 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). | [email protected] | 7.5 | 0.17% | 2024-12-06 | 2024-12-13 |
| CVE-2024-44855 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). | [email protected] | 7.5 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-44854 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). | [email protected] | 7.5 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-44853 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). | [email protected] | 7.5 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-44852 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). | [email protected] | 9.8 | 0.18% | 2024-12-06 | 2024-12-17 |
| CVE-2024-41650 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | [email protected] | 9.8 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41649 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41648 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. | [email protected] | 9.8 | 0.13% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41647 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41646 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41645 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-41644 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | [email protected] | 9.8 | 0.15% | 2024-12-06 | 2024-12-13 |
| CVE-2024-38927 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`. | [email protected] | 9.8 | 0.14% | 2024-12-06 | 2024-12-17 |
| CVE-2024-38926 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`. | [email protected] | 9.8 | 0.14% | 2024-12-06 | 2024-12-17 |