Skip to main content

Gravity

13 CVEs product

Monthly

CVE-2026-40504 CRITICAL PATCH Act Now

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications evaluate untrusted scripts containing many string literals at global scope. The vulnerability stems from insufficient bounds checking in gravity_fiber_reassign(), allowing heap metadata corruption. VulnCheck disclosed this issue with a vendor-released patch (commit 18b9195) available. CVSS 9.3 reflects the critical network-accessible, unauthenticated attack vector. No active exploitation (CISA KEV) or public POC identified at time of analysis, but technical details in GitHub issue #437 could facilitate exploit development.

Heap Overflow Buffer Overflow RCE Gravity
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2021-32285 MEDIUM POC This Month

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32284 HIGH POC This Week

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-32283 MEDIUM POC This Month

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32282 MEDIUM POC This Month

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32281 HIGH POC This Week

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gravity
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2018-13795 HIGH POC This Week

Gravity before 0.5.1 does not support a maximum recursion depth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gravity
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-1000173 CRITICAL POC Act Now

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Information Disclosure Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-1000172 CRITICAL POC Act Now

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free RCE Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-1000075 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-1000074 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-1000073 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-1000072 CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gravity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications evaluate untrusted scripts containing many string literals at global scope. The vulnerability stems from insufficient bounds checking in gravity_fiber_reassign(), allowing heap metadata corruption. VulnCheck disclosed this issue with a vendor-released patch (commit 18b9195) available. CVSS 9.3 reflects the critical network-accessible, unauthenticated attack vector. No active exploitation (CISA KEV) or public POC identified at time of analysis, but technical details in GitHub issue #437 could facilitate exploit development.

Heap Overflow Buffer Overflow RCE +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gravity
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Gravity before 0.5.1 does not support a maximum recursion depth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gravity
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free RCE +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gravity
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gravity
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gravity
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gravity
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy