diff --git a/include/onnxruntime/core/common/common.h b/include/onnxruntime/core/common/common.h
index c3ee05b790..2525da1ca9 100644
--- a/include/onnxruntime/core/common/common.h
+++ b/include/onnxruntime/core/common/common.h
@@ -289,4 +289,6 @@ inline std::string ToWideString(const std::string& s) { return s; }
 #define ORT_IF_CONSTEXPR if
 #endif
 
+constexpr size_t kMaxStrLen = 2048;
+
 }  // namespace onnxruntime
diff --git a/onnxruntime/core/codegen/common/utils.cc b/onnxruntime/core/codegen/common/utils.cc
index 2767f5ff93..9912df1868 100644
--- a/onnxruntime/core/codegen/common/utils.cc
+++ b/onnxruntime/core/codegen/common/utils.cc
@@ -31,7 +31,7 @@ std::unique_ptr<char[]> GetEnv(const char* var) {
   // to its caller and make distinguish between windows and linux, we return
   // a unique_ptr, and it will be destroyed automatically after the caller
   // completes.
-  size_t len_val = strlen(val) + 1;
+  size_t len_val = strnlen(val, onnxruntime::kMaxStrLen) + 1;
   auto p = std::make_unique<char[]>(len_val);
   // use explicit loop to get ride of VC's warning on unsafe copy
   for (size_t i = 0; i < len_val; ++i) {
diff --git a/onnxruntime/core/common/logging/capture.cc b/onnxruntime/core/common/logging/capture.cc
index 5909432b9d..67d92c1022 100644
--- a/onnxruntime/core/common/logging/capture.cc
+++ b/onnxruntime/core/common/logging/capture.cc
@@ -36,8 +36,12 @@ void Capture::ProcessPrintf(msvc_printf_check const char* format, va_list args)
     error = errno != 0;
     truncated = !error;
   }
+#else
+#ifdef __APPLE__
+  const int nbrcharacters = vsnprintf_l(message.data(), message.size(), nullptr, format, args);
 #else
   const int nbrcharacters = vsnprintf(message.data(), message.size(), format, args);
+#endif
   error = nbrcharacters < 0;
   truncated = (nbrcharacters >= 0 && static_cast<gsl::index>(nbrcharacters) > message.size());
 #endif
diff --git a/onnxruntime/core/framework/error_code.cc b/onnxruntime/core/framework/error_code.cc
index 02d5c4a1d3..0f805fcb16 100644
--- a/onnxruntime/core/framework/error_code.cc
+++ b/onnxruntime/core/framework/error_code.cc
@@ -23,7 +23,7 @@ struct OrtStatus {
 _Check_return_ _Ret_notnull_ OrtStatus* ORT_API_CALL OrtApis::CreateStatus(OrtErrorCode code,
                                                                            _In_z_ const char* msg) NO_EXCEPTION {
   assert(!(code == 0 && msg != nullptr));
-  SafeInt<size_t> clen(nullptr == msg ? 0 : strlen(msg));
+  SafeInt<size_t> clen(nullptr == msg ? 0 : strnlen(msg, onnxruntime::kMaxStrLen));
   OrtStatus* p = reinterpret_cast<OrtStatus*>(::malloc(sizeof(OrtStatus) + clen));
   if (p == nullptr) return nullptr;  // OOM. What we can do here? abort()?
   p->code = code;
diff --git a/onnxruntime/core/providers/coreml/builders/helper.cc b/onnxruntime/core/providers/coreml/builders/helper.cc
index f91b6f1f38..a8897f6995 100644
--- a/onnxruntime/core/providers/coreml/builders/helper.cc
+++ b/onnxruntime/core/providers/coreml/builders/helper.cc
@@ -120,7 +120,7 @@ bool HasNeuralEngine(const logging::Logger& logger) {
   // A12: iPhone XS (11,2), iPad Mini - 5th Gen (11,1)
   // A12X: iPad Pro - 3rd Gen (8,1)
   // For more information, see https://www.theiphonewiki.com/wiki/Models
-  size_t str_len = strlen(system_info.machine);
+  size_t str_len = strnlen(system_info.machine, onnxruntime::kMaxStrLen);
   if (str_len > 4 && strncmp("iPad", system_info.machine, 4) == 0) {
     const int major_version = atoi(system_info.machine + 4);
     has_neural_engine = major_version >= 8;  // There are no device between iPad 8 and 11.
@@ -143,4 +143,5 @@ bool HasNeuralEngine(const logging::Logger& logger) {
 }
 
 }  // namespace coreml
-}  // namespace onnxruntime
\ No newline at end of file
+}  // namespace onnxruntime
+
diff --git a/onnxruntime/test/common/utf8_util_test.cc b/onnxruntime/test/common/utf8_util_test.cc
index a6a9886f82..775d530903 100644
--- a/onnxruntime/test/common/utf8_util_test.cc
+++ b/onnxruntime/test/common/utf8_util_test.cc
@@ -31,7 +31,7 @@ TEST(Utf8UtilTest, Validate) {
   using namespace utf8_util;
   for (auto& s : samples) {
     size_t utf8_len = 0;
-    if (s.valid != utf8_validate(reinterpret_cast<const unsigned char*>(s.sequence), strlen(s.sequence), utf8_len)) {
+    if (s.valid != utf8_validate(reinterpret_cast<const unsigned char*>(s.sequence), strnlen(s.sequence, onnxruntime::kMaxStrLen), utf8_len)) {
       ASSERT_TRUE(false);
     } else {
       if (s.valid) {
diff --git a/onnxruntime/test/fuzzing/src/testlog.cpp b/onnxruntime/test/fuzzing/src/testlog.cpp
index 4104224f27..be1832d37e 100644
--- a/onnxruntime/test/fuzzing/src/testlog.cpp
+++ b/onnxruntime/test/fuzzing/src/testlog.cpp
@@ -145,7 +145,7 @@ namespace Logger
     {
         std::mbstate_t ps;
         size_t retVal;
-        size_t length_str = std::strlen(pStr);
+        size_t length_str = std::strnlen(pStr, onnxruntime::kMaxStrLen);
         mbsrtowcs_s(&retVal, nullptr, 0, &pStr, length_str, &ps );
         retVal += 1;
         auto ptr = std::make_unique<wchar_t[]>(retVal);
@@ -158,4 +158,4 @@ namespace Logger
         mbsrtowcs_s(&retVal, ptr.get(), retVal, &pStr, length_str, &ps );
         return std::wstring{ptr.get()};
     }
-}
\ No newline at end of file
+}
diff --git a/onnxruntime/test/shared_lib/test_inference.cc b/onnxruntime/test/shared_lib/test_inference.cc
index 382e7e1908..2ecf013f6a 100644
--- a/onnxruntime/test/shared_lib/test_inference.cc
+++ b/onnxruntime/test/shared_lib/test_inference.cc
@@ -1051,7 +1051,7 @@ TEST(CApiTest, get_string_tensor_element) {
   tensor.FillStringTensor(s, expected_len);
 
   auto expected_string = s[element_index];
-  size_t expected_string_len = strlen(expected_string);
+  size_t expected_string_len = strnlen(expected_string, onnxruntime::kMaxStrLen);
 
   std::string result(expected_string_len, '\0');
   tensor.GetStringTensorElement(expected_string_len, element_index, (void*)result.data());
@@ -1649,4 +1649,4 @@ TEST(CApiTest, TestConfigureTensorRTProviderOptions) {
   struct stat buffer;
   ASSERT_TRUE(stat(engine_cache_path, &buffer) == 0);
 }
-#endif
\ No newline at end of file
+#endif
diff --git a/onnxruntime/test/xctest/orttestmain.m b/onnxruntime/test/xctest/orttestmain.m
index bb8efb89b0..9db0a2bc11 100644
--- a/onnxruntime/test/xctest/orttestmain.m
+++ b/onnxruntime/test/xctest/orttestmain.m
@@ -2,9 +2,10 @@
 // Licensed under the MIT License.
 
 #import <UIKit/UIKit.h>
+static const size_t kMaxStrLen = 2048;
 
 static void set_test_rootdir(const char* image_path){
-    size_t n = strlen(image_path);
+    size_t n = strnlen(image_path, kMaxStrLen);
     for (; n >=0; n--) {
         if (image_path[n] == '/') {
             break;