Ember - 19 CVEs (Page 1/1)

About “Ember”

A curated feed of “Ember”-related CVEs appears below. We currently track 19 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 5.9 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-252 - Unchecked Return Value.

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: emberjs

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	Premier Support	EOL	LTS
6.11	2026-03-06	6.11.1	Unavailable	-
6.10	2026-02-06	6.10.1	2026-03-06	2026-03-06 Expired
6.9	2026-01-09	6.9.0	2026-02-06	2026-02-06 Expired
6.8	2025-10-25	6.8.4	2026-06-23	2026-12-08	LTS
6.7	2025-09-01	6.7.0	2025-10-25	2025-10-25 Expired
6.6	2025-07-21	6.6.0	2025-09-03	2025-09-03 Expired
6.5	2025-06-09	6.5.0	2025-09-01	2025-09-01 Expired
6.4	2025-04-28	6.4.0	2026-01-05	2026-06-22 Soon	LTS
6.3	2025-03-17	6.3.0	2025-05-26	2025-05-26 Expired
6.2	2025-02-03	6.2.0	2025-03-28	2025-03-28 Expired
6.1	2024-12-23	6.1.0	2025-02-22	2025-02-22 Expired
6.0	2024-11-12	6.0.1	2024-12-28	2024-12-28 Expired
5.12	2024-09-30	5.12.0	2025-04-28	2025-10-13 Expired	LTS
5.11	2024-08-19	5.11.1	2024-10-04	2024-10-04 Expired
5.10	2024-07-08	5.10.2	2024-08-19	2024-08-19 Expired
5.9	2024-06-03	5.9.0	2024-07-08	2024-07-08 Expired
5.8	2024-04-15	5.8.0	2024-12-30	2025-06-16 Expired	LTS
5.7	2024-03-04	5.7.0	2024-04-20	2024-04-20 Expired
5.6	2024-01-22	5.6.0	2024-03-04	2024-03-04 Expired
5.5	2023-12-11	5.5.0	2024-01-22	2024-01-22 Expired
5.4	2023-10-30	5.4.1	2024-07-08	2024-12-23 Expired	LTS
5.3	2023-09-18	5.3.0	2024-07-07	2024-12-22 Expired
5.2	2023-08-07	5.2.0	2023-09-21	2023-09-21 Expired
5.1	2023-06-26	5.1.2	2023-08-07	2023-08-07 Expired
5.0	2023-05-15	5.0.0	2023-07-08	2023-07-08 Expired
4.12	2023-04-03	4.12.4	2023-12-10	2024-05-26 Expired	LTS
4.8	2022-10-17	4.8.6	2023-07-06	2023-12-21 Expired	LTS
4.4	2022-05-03	4.4.5	2023-02-08	2023-07-26 Expired	LTS
3.28	2021-08-10	3.28.12	2022-07-18	2023-01-02 Expired	LTS
3.24	2020-12-28	3.24.7	2021-09-23	2022-03-10 Expired	LTS
3.20	2020-07-13	3.20.7	2021-03-31	2021-09-15 Expired	LTS
3.16	2020-01-20	3.16.10	2020-10-12	2021-03-29 Expired	LTS
3.12	2019-08-06	3.12.4	2020-04-22	2020-10-07 Expired	LTS
3.8	2019-02-18	3.8.3	2019-11-06	2020-04-22 Expired	LTS
3.4	2018-08-28	3.4.8	2019-05-13	2019-10-28 Expired	LTS
2.18	2018-01-01	2.18.3	2018-09-12	2019-02-27 Expired	LTS
2.16	2017-10-10	2.16.4	2018-06-18	2018-12-03 Expired	LTS
2.12	2017-03-15	2.12.2	2017-11-25	2018-05-12 Expired	LTS
2.8	2016-09-09	2.8.3	2017-05-15	2017-10-30 Expired	LTS
2.4	2016-02-29	2.4.6	2016-11-07	2017-04-24 Expired	LTS

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Ember” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2025-07-30

Medium

CVE-2025-1394

The Ember ZNet stack’s packet buffer manager may read out of bound memory leading to an assert, causing a Denial of Service (DoS).

CVSS: 5.9 CWE: CWE-252 - Unchecked Return Value View on NVD

2025-01-28

Medium

CVE-2024-6351

A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert

CVSS: 4.3 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

2025-01-13

Medium

CVE-2024-6352

A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert

CVSS: 4.3 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

2024-02-23

Medium

CVE-2023-51394

High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.

CVSS: 5.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD

Medium

CVE-2023-51393

Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko S…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD

Medium

CVE-2023-51392

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis si…

CVSS: 6.2 CWE: CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation View on NVD

2024-02-05

High

CVE-2023-6874

Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number

CVSS: 7.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD

2023-10-26

Medium

CVE-2023-41096

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored i…

CVSS: 6.8 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD

2023-10-04

Critical

CVE-2023-41094

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outsi…

CVSS: 10.0 CWE: CWE-940 - Improper Verification of Source of a Communication Channel View on NVD

2022-11-18

Medium

CVE-2022-24939

A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.

CVSS: 5.7 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

2022-11-14

Medium

CVE-2022-24938

A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

Medium

CVE-2022-24937

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

2022-06-30

Medium

CVE-2013-4170

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into su…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2018-02-15

Medium

CVE-2014-0014

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leverag…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2014-0013

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2017-09-20

Medium

CVE-2015-1866

Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2017-04-13

Medium

CVE-2015-7565

Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2014-02-27

Low

CVE-2014-0046

Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2010-10-20

Medium

CVE-2010-3355

Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9 CWE: N/A View on NVD