CVE-2017-1000206: samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution
CVE-2018-13843: ** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue.
CVE-2018-13844: An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c.
CVE-2018-13845: An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.