Grpc

This hub aggregates every CVE we track for Grpc, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Grpc.

• CVE-2026-48853Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc9.8Jun 15, 2026
• CVE-2026-53430grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/17.5Jun 15, 2026
• CVE-2026-33186gRPC-Go has an authorization bypass via missing leading slash in :path9.1Mar 20, 2026
• CVE-2024-11407Denial of Service through Data corruption in gRPC-C++7.5Nov 26, 2024
• CVE-2024-7246HPACK table poisoning in gRPC C++, Python & Ruby5.3Aug 6, 2024
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2023-4785Denial of Service in gRPC Core7.5Sep 13, 2023
• CVE-2023-33953Denial-of-Service in gRPC7.5Aug 9, 2023
• CVE-2023-32731Information leak in gRPC7.4Jun 9, 2023
• CVE-2023-32732Denial-of-Service in gRPC5.3Jun 9, 2023
• CVE-2023-1428Denial-of-Service in gRPC7.5Jun 9, 2023
• CVE-2020-7768Prototype Pollution7.5Nov 11, 2020
• CVE-2017-9431Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.9.8Jun 5, 2017
• CVE-2017-8359Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.9.8Apr 30, 2017
• CVE-2017-7861Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.9.8Apr 14, 2017