| CVE-2026-42587 |
high |
7.5 |
7.5 |
|
|
|
16d ago |
Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS |
| CVE-2026-42585 |
high |
7.5 |
7.5 |
|
|
|
16d ago |
Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding |
| CVE-2026-33870 |
unknown |
— |
— |
|
|
|
2mo ago |
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing |
| CVE-2025-67735 |
unknown |
— |
— |
|
|
|
6mo ago |
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder |
| CVE-2025-58056 |
unknown |
— |
— |
|
|
|
9mo ago |
Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions |
| CVE-2024-29025 |
unknown |
— |
— |
|
|
|
2y ago |
Netty's HttpPostRequestDecoder can OOM |
| CVE-2022-41915 |
unknown |
— |
— |
|
|
|
4y ago |
Netty vulnerable to HTTP Response splitting from assigning header value iterator |
| CVE-2019-20444 |
unknown |
— |
— |
|
|
|
6y ago |
HTTP Request Smuggling in Netty |