Hyper
This hub aggregates every CVE we track for Hyper, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
2
Critical
3
High
0
In CISA KEV
Severity distribution
MEDIUM5HIGH3CRITICAL2LOW1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 11 most recently published vulnerabilities affecting Hyper.
- CVE-2025-7074vercel hyper rimraf-standalone.js ignoreMap redos4.3
- CVE-2024-23741An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.9.8
- CVE-2023-26964An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a...7.5
- CVE-2022-31394Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.7.5
- CVE-2021-32715Lenient Parsing of Content-Length Header When Prefixed with Plus Sign3.1
- CVE-2021-32714Integer Overflow in Chunked Transfer-Encoding5.9
- CVE-2021-21299Multiple Transfer-Encoding headers misinterprets request payload4.8
- CVE-2020-35863An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback inter...9.8
- CVE-2017-18587An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.5.3
- CVE-2016-10932An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.4.8
- CVE-2016-6581A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack....7.5
Product normalization is registry-driven with AI assist and human review. How it works