← Back

Google

google

13,751 CVEs • 235 products

Products (235)

Click to collapse
Toggle
Android
android
8,095 CVEs
Chrome
chrome
4,911 CVEs
Tensorflow
tensorflow
431 CVEs
Chrome Os
chrome_os
67 CVEs
V8
v8
33 CVEs
Asylo
asylo
16 CVEs
Blink
blink
12 CVEs
Picasa
picasa
11 CVEs
Mini Search Appliance
mini_search_appliance
8 CVEs
Search Appliance
search_appliance
7 CVEs
Cr 48 Chromebook
cr-48_chromebook
7 CVEs
Sketchup
sketchup
7 CVEs
Tunnelblick
tunnelblick
7 CVEs
Gvisor
gvisor
7 CVEs
Chromecast Firmware
chromecast_firmware
6 CVEs
Nest Cam Iq Indoor Firmware
nest_cam_iq_indoor_firmware
6 CVEs
Toolbar
toolbar
5 CVEs
Web Toolkit
web_toolkit
5 CVEs
Protobuf
protobuf
5 CVEs
Rendertron
rendertron
5 CVEs
Fuchsia
fuchsia
5 CVEs
Protobuf Java
protobuf-java
5 CVEs
Earth
earth
4 CVEs
App Engine Python Sdk
app_engine_python_sdk
4 CVEs
Fscrypt
fscrypt
4 CVEs
Protobuf Javalite
protobuf-javalite
4 CVEs
Android Sdk
android_sdk
3 CVEs
Guava
guava
3 CVEs
Monorail
monorail
3 CVEs
Guest Oslogin
guest-oslogin
3 CVEs
Gerrit
gerrit
3 CVEs
Protobuf Kotlin
protobuf-kotlin
3 CVEs
Linux And Chrome Os
linux_and_chrome_os
3 CVEs
Nest Wifi Point Firmware
nest_wifi_point_firmware
3 CVEs
Nest Wifi Pro Firmware
nest_wifi_pro_firmware
3 CVEs
Web Designer
web_designer
3 CVEs
Talk
talk
2 CVEs
Desktop
desktop
2 CVEs
Google Sketchup
google_sketchup
2 CVEs
Bionic
bionic
2 CVEs
Mod Pagespeed
mod_pagespeed
2 CVEs
Android Debug Bridge
android_debug_bridge
2 CVEs
Home Firmware
home_firmware
2 CVEs
Kubernetes Engine
kubernetes_engine
2 CVEs
Oauth Client Library For Java
oauth_client_library_for_java
2 CVEs
Flatbuffers
flatbuffers
2 CVEs
Bazel
bazel
2 CVEs
Google Protobuf
google-protobuf
2 CVEs
Firebase Php Jwt
firebase_php-jwt
2 CVEs
Google Play Services Software Development Kit
google_play_services_software_development_kit
2 CVEs
Protobuf Python
protobuf-python
2 CVEs
Protobuf Kotlin Lite
protobuf-kotlin-lite
2 CVEs
Web Stories
web_stories
2 CVEs
Nest Mini Firmware
nest_mini_firmware
2 CVEs
Nest Wifi Router Firmware
nest_wifi_router_firmware
2 CVEs
Updater
updater
2 CVEs
Nearby
nearby
2 CVEs
Api Search
api_search
1 CVE
Matter
matter
1 CVE
Custom Search Engine
custom_search_engine
1 CVE
Kml
kml
1 CVE
Google Apps
google_apps
1 CVE
Gears
gears
1 CVE
Idapython
idapython
1 CVE
Admob
admob
1 CVE
Checkout Php
checkout-php
1 CVE
Cityhash
cityhash
1 CVE
Chrome Frame
chrome_frame
1 CVE
Authenticator
authenticator
1 CVE
Glass
glass
1 CVE
Android Api
android_api
1 CVE
Search Appliance Software
search_appliance_software
1 CVE
Android Sdk Platform Tools
android_sdk_platform_tools
1 CVE
Android Browser
android_browser
1 CVE
Email
email
1 CVE
Play Services Sdk
play_services_sdk
1 CVE
Nexus 5x Firmware
nexus_5x_firmware
1 CVE
Nexus 6p Firmware
nexus_6p_firmware
1 CVE
Android One
android_one
1 CVE
Sfntly
sfntly
1 CVE
Skia
skia
1 CVE
Google I/o 2017
google_i/o_2017
1 CVE
News And Weather
news_and_weather
1 CVE
Pdfium
pdfium
1 CVE
Gmail
gmail
1 CVE
Santa
santa
1 CVE
Boringssl
boringssl
1 CVE
Cardboard
cardboard
1 CVE
Snappy
snappy
1 CVE
Api C++ Client
api_c++_client
1 CVE
Nexus 7 Firmware
nexus_7_firmware
1 CVE
Nexus 9 Firmware
nexus_9_firmware
1 CVE
Voice Builder
voice_builder
1 CVE
Google Cloud Platform Service Broker
google_cloud_platform_service_broker
1 CVE
Cloud Messaging Notification
cloud_messaging_notification
1 CVE
Gizmo5
gizmo5
1 CVE
Native Client
native_client
1 CVE
Closure Library
closure_library
1 CVE
Openthread
openthread
1 CVE
Chrome Launcher
chrome-launcher
1 CVE

CVEs (13,751)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-1277
4Debian
GoogleOpensuse+1 more
7Chrome
Debian LinuxEnterprise Linux Desktop Supplementary+4 more
May 6, 2026
Jul 23, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of c...Show more
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.Show less
CVE-2015-1276
4Debian
GoogleOpensuse+1 more
7Chrome
Debian LinuxEnterprise Linux Desktop Supplementary+4 more
May 6, 2026
Jul 23, 2015
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly...Show more
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.Show less
CVE-2015-1275
2Google
Opensuse
2Chrome
Opensuse
May 6, 2026
Jul 23, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted inten...Show more
Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka "Universal XSS (UXSS)."Show less
CVE-2015-1274
4Debian
GoogleOpensuse+1 more
6Chrome
Debian LinuxEnterprise Linux Desktop Supplementary+3 more
May 6, 2026
Jul 23, 2015
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a...Show more
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.Show less
CVE-2015-1273
4Debian
GoogleOpensuse+1 more
7Chrome
Debian LinuxEnterprise Linux Desktop Supplementary+4 more
May 6, 2026
Jul 23, 2015
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via inv...Show more
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.Show less
CVE-2015-1272
4Debian
GoogleOpensuse+1 more
7Chrome
Debian LinuxEnterprise Linux Desktop Supplementary+4 more
May 6, 2026
Jul 23, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continu...Show more
Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc.Show less
CVE-2015-1271
4Debian
GoogleOpensuse+1 more
7Chrome
Debian LinuxEnterprise Linux Desktop Supplementary+4 more
May 6, 2026
Jul 23, 2015
N/A· v4
N/A· v3
6.8 MEDIUM· v2
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have un...Show more
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation.Show less
CVE-2015-1270
5Debian
GoogleOpensuse+2 more
8Chrome
Debian LinuxEnterprise Linux Desktop Supplementary+5 more
May 6, 2026
Jul 23, 2015
N/A· v4
N/A· v3
6.8 MEDIUM· v2
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows...Show more
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.Show less
CVE-2015-5380
3Google
IojsNodejs
3Io.js
Node.jsV8
May 6, 2026
Jul 9, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory availab...Show more
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.Show less
CVE-2015-1269
1Google
1Chrome
May 6, 2026
Jun 26, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, whic...Show more
The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.Show less
CVE-2015-1268
1Google
1Chrome
May 6, 2026
Jun 26, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin...Show more
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL.Show less
CVE-2015-1267
1Google
1Chrome
May 6, 2026
Jun 26, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...Show more
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp.Show less
CVE-2015-1266
1Google
1Chrome
May 6, 2026
Jun 26, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows re...Show more
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests.Show less
CVE-2015-3108
2Adobe
Google
5Air
Air SdkAir Sdk & Compiler+2 more
May 6, 2026
Jun 10, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe A...Show more
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.Show less
CVE-2015-3107
3Adobe
GoogleOpensuse
6Air
Air SdkAir Sdk & Compiler+3 more
May 6, 2026
Jun 10, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0....Show more
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106.Show less
CVE-2015-3106
2Adobe
Google
5Air
Air SdkAir Sdk & Compiler+2 more
May 6, 2026
Jun 10, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0....Show more
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107.Show less
CVE-2015-3105
2Adobe
Google
5Air
Air SdkAir Sdk & Compiler+2 more
May 6, 2026
Jun 10, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe A...Show more
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Show less
CVE-2015-3104
2Adobe
Google
5Air
Air SdkAir Sdk & Compiler+2 more
May 6, 2026
Jun 10, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X...Show more
Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2015-3103
2Adobe
Google
5Air
Air SdkAir Sdk & Compiler+2 more
May 6, 2026
Jun 10, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0....Show more
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107.Show less
CVE-2015-3102
2Adobe
Google
5Air
Air SdkAir Sdk & Compiler+2 more
May 6, 2026
Jun 10, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe A...Show more
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3099.Show less