Facebook Security Vulnerabilities (CVEs)
Track 29 security vulnerabilities affecting Facebook products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Multiple denial of service vulnerabilities in React Server Components allow attackers to crash servers or cause resource exhaustion by sending special...
Jan 26, 2026

This vulnerability allows attackers to send specially crafted HTTP requests to React Server Components Server Function endpoints, causing unsafe deser...
Dec 12, 2025

An information leak vulnerability in React Server Components allows attackers to retrieve source code of Server Functions via crafted HTTP requests. T...
Dec 11, 2025

A pre-authentication denial of service vulnerability in React Server Components allows attackers to send specially crafted HTTP requests to Server Fun...
Dec 11, 2025

A critical pre-authentication remote code execution vulnerability exists in React Server Components where unsafe deserialization of HTTP payloads allo...
Dec 3, 2025

This vulnerability in Proxygen's HTTPQuicCoroSession allows an attacker to trigger an infinite loop and unbounded memory growth by sending HTTP reques...
Dec 2, 2025

Meta Spark Studio versions before v176 automatically execute scripts from package.json files when opening projects, allowing arbitrary code execution....
Jan 16, 2024

Katran, a high-performance layer 4 load balancer, could leak uninitialized kernel memory in IPv4 headers due to missing initialization of the Identifi...
Nov 28, 2023

CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server res...
Oct 10, 2023

CVE-2023-45239 is a critical remote code execution vulnerability in tac_plus authentication server. Attackers can inject shell commands through userna...
Oct 6, 2023

A memory corruption vulnerability in Hermes JavaScript engine allows arbitrary code execution when converting BigInt to Number values. This affects Re...
May 18, 2023

This vulnerability in the fizz TLS library allows remote attackers to cause denial of service by triggering a CHECK failure when client cipher adverti...
May 18, 2023

CVE-2023-24833 is a use-after-free vulnerability in Hermes JavaScript engine's BigIntPrimitive addition that allows attackers to leak raw heap data fr...
May 18, 2023

A type confusion vulnerability in Hermes JavaScript engine's TypedArray implementation allows arbitrary code execution when processing untrusted JavaS...
May 18, 2023

CVE-2023-28753 is an integer overflow vulnerability in netconsd's parse_packet function that allows heap memory corruption with attacker-controlled da...
May 18, 2023

This vulnerability in HHVM allows attackers to intercept or manipulate encrypted network communications by forcing the use of deprecated TLS 1.0 proto...
May 10, 2023

This vulnerability in Hermes JavaScript engine allows attackers to cause type confusion by passing invalid JavaScript code with await/yield calls on n...
Jan 15, 2022

A type confusion vulnerability in Facebook Hermes JavaScript engine prior to v0.10.0 could allow arbitrary code execution when processing untrusted Ja...
Dec 13, 2021

CVE-2021-39207 is a YAML deserialization vulnerability in the ParlAI framework that allows arbitrary code execution when processing malicious YAML fil...
Sep 10, 2021

This CVE describes an integer overflow vulnerability in Facebook's folly library that affects HHVM. An attacker can pass a controlled size when creati...
Jul 23, 2021

This CVE describes a use-after-free vulnerability in the Hermes JavaScript engine that could allow attackers to execute arbitrary code by crafting mal...
Jun 15, 2021

This vulnerability in Facebook Thrift's table-based serialization allows an invalid free operation that can crash applications or potentially lead to ...
Apr 14, 2021

This Cross-Site Request Forgery (CSRF) vulnerability in the Facebook for WordPress plugin allows attackers to trick authenticated administrators into ...
Apr 12, 2021

This CVE describes a denial-of-service vulnerability in mvfst and proxygen QUIC implementations where a specially crafted QUIC message triggers a fail...
Mar 15, 2021

CVE-2020-1899 is a memory corruption vulnerability in HHVM's unserialize() function that allows accessing arbitrary memory addresses via the 'S' type ...
Mar 11, 2021

CVE-2020-1900 is a use-after-free vulnerability in HHVM's object unserialization that occurs when dynamic properties are not properly pre-reserved in ...
Mar 11, 2021

CVE-2020-1896 is a stack overflow vulnerability in Facebook Hermes JavaScript engine's 'builtin apply' function that could allow remote code execution...
Feb 2, 2021

A logic vulnerability in Facebook Hermes JavaScript engine allows attackers to potentially read out of bounds or execute arbitrary code via crafted Ja...
Oct 8, 2020

A type confusion vulnerability in Facebook's Hermes JavaScript engine allows attackers to potentially execute arbitrary code by crafting malicious Jav...
Sep 4, 2020

Why Monitor Facebook Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 29+ known vulnerabilities affecting Facebook products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Facebook packages in under 60 seconds. No agents required - completely agentless scanning that works across Facebook deployments.
Free vulnerability database: Access detailed information about every Facebook CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.