Http2
This hub aggregates every CVE we track for Http2, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
5
CVEs tracked
0
Critical
4
High
1
In CISA KEV
Severity distribution
HIGH4MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
2024-072026-06
Latest CVEs
The 5 most recently published vulnerabilities affecting Http2.
- CVE-2026-33814Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net7.5
- CVE-2023-39325HTTP/2 rapid reset can cause excessive work in net/http7.5
- CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5
- CVE-2022-41723Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net7.5
- CVE-2022-41717Excessive memory growth in net/http and golang.org/x/net/http25.3
Product normalization is registry-driven with AI assist and human review. How it works