Jetty

This hub aggregates every CVE we track for Jetty, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jetty.

• CVE-2026-2332HTTP Request Smuggling via Chunked Extension Quoted-String Parsing7.4Apr 14, 2026
• CVE-2026-5795In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an ...7.4Apr 8, 2026
• CVE-2025-5115MadeYouReset HTTP/2 vulnerability7.5Aug 20, 2025
• CVE-2025-1948Eclipse Jetty HTTP clients can increase memory allocation7.5May 8, 2025
• CVE-2024-13009Eclipse Jetty GZIP buffer release7.2May 8, 2025
• CVE-2024-8184Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks5.9Oct 14, 2024
• CVE-2024-6762Jetty PushSessionCacheFilter can cause remote DoS attacks3.1Oct 14, 2024
• CVE-2024-6763Jetty URI parsing of invalid authority3.7Oct 14, 2024
• CVE-2024-9823Jetty DOS vulnerability on DosFilter5.3Oct 14, 2024
• CVE-2024-22201Jetty connection leaking on idle timeout when TCP congested7.5Feb 26, 2024
• CVE-2023-36478HTTP/2 HPACK integer overflow and buffer allocation7.5Oct 10, 2023
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2023-41900Jetty's OpenId Revoked authentication allows one request3.5Sep 15, 2023
• CVE-2023-40167Jetty accepts "+" prefixed value in Content-Length5.3Sep 15, 2023
• CVE-2023-36479Jetty vulnerable to errant command quoting in CGI Servlet3.5Sep 15, 2023