Red hat build of quarkus

This hub aggregates every CVE we track for Red hat build of quarkus, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat build of quarkus.

• CVE-2024-4027Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks7.5Jan 30, 2026
• CVE-2024-3884Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded7.5Dec 3, 2025
• CVE-2025-58057Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack7.5Sep 3, 2025
• CVE-2024-12225Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass9.1May 6, 2025
• CVE-2025-2240Smallrye-fault-tolerance: smallrye fault tolerance7.5Mar 12, 2025
• CVE-2025-1634Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout7.5Feb 26, 2025
• CVE-2025-24970SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine7.5Feb 10, 2025
• CVE-2023-4639Undertow: cookie smuggling/spoofing7.4Nov 17, 2024
• CVE-2023-6841Keycloak: amount of attributes per object is not limited and it may lead to dos7.5Sep 10, 2024
• CVE-2024-7885Undertow: improper state management in proxy protocol parsing causes information leakage7.5Aug 21, 2024
• CVE-2024-3653Undertow: learningpushhandler can lead to remote memory dos attacks5.3Jul 8, 2024
• CVE-2024-5971Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket7.5Jul 8, 2024
• CVE-2024-1726Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service5.3Apr 25, 2024
• CVE-2023-6717Keycloak: xss via assertion consumer service url in saml post-binding flow6.0Apr 25, 2024
• CVE-2024-1132Keycloak: path transversal in redirection validation8.1Apr 17, 2024