Eclipse vert.x
This hub aggregates every CVE we track for Eclipse vert.x, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 9
- Critical: 3
- High: 2
- In CISA KEV: 0
Severity distribution
- Medium: 4
- Critical: 3
- High: 2
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 9 most recently published vulnerabilities affecting Eclipse vert.x.
- CVE-2026-6860: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate acc... (score 5.3)
- CVE-2026-1002: Eclipse Vert.x Web static handler file access denial (score 5.3)
- CVE-2024-8391: Eclipse Vert.x gRPC server does not limit the maximum message size (score 7.5)
- CVE-2019-17640: In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't corre... (score 9.8)
- CVE-2018-12544: In versions 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when t... (score 9.8)
- CVE-2018-12542: In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\'... (score 9.8)
- CVE-2018-12541: In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. Ther... (score 6.5)
- CVE-2018-12537: In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfil... (score 5.3)
- CVE-2018-12540: In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issu... (score 8.8)
Product normalization is registry-driven with AI assist and human review.