Known Vulnerabilities for products from Quarkus
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Quarkus".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40180 | | Not Provided | 2026-04-10 | 2026-04-13 |
| CVE-2025-1634 | | Not Provided | 2025-02-26 | 2026-04-20 |
| CVE-2023-6267 | | 9.8 - CRITICAL | 2024-01-25 | 2024-01-31 |
| CVE-2023-5720 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-15 | 2023-11-30 |
| CVE-2023-4853 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when acc... | 8.1 - HIGH | 2023-09-20 | 2023-12-05 |
| CVE-2023-1584 | A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure ... | 7.5 - HIGH | 2023-10-04 | 2023-11-07 |
| CVE-2023-0481 | In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which ... | 3.3 - LOW | 2023-02-24 | 2023-03-07 |
| CVE-2023-0044 | If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated whic... | 6.1 - MEDIUM | 2023-02-23 | 2023-03-03 |
| CVE-2022-42004 | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._... | 7.5 - HIGH | 2022-10-02 | 2022-12-02 |
| CVE-2022-42003 | In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive valu... | 7.5 - HIGH | 2022-10-02 | 2023-12-20 |
| CVE-2022-21724 | pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doin... | 9.8 - CRITICAL | 2022-02-02 | 2023-11-07 |
| CVE-2022-21363 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected ... | 6.6 - MEDIUM | 2022-01-19 | 2022-05-27 |
| CVE-2022-4147 | Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with... | 7.5 - HIGH | 2022-12-06 | 2022-12-12 |
| CVE-2022-4116 | A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by loca... | 9.8 - CRITICAL | 2022-11-22 | 2023-08-08 |
| CVE-2022-2466 | It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. | 9.8 - CRITICAL | 2022-08-31 | 2022-09-06 |
| CVE-2022-0981 | A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in Res... | 8.8 - HIGH | 2022-03-23 | 2022-03-29 |
| CVE-2021-43797 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2021-12-09 | 2023-02-24 |
| CVE-2021-38153 | Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that... | 5.9 - MEDIUM | 2021-09-22 | 2023-11-07 |
| CVE-2021-37714 | jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may ... | 7.5 - HIGH | 2021-08-18 | 2023-11-07 |
| CVE-2021-37137 | The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it ... | 7.5 - HIGH | 2021-10-19 | 2023-11-07 |
Known software with vulnerabilities from Quarkus
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Quarkus | Gizmo | 1.0.0 |
| Application | Quarkus | Quarkus | 0.0.1 |
| Application | Quarkus | Quarkus-http | 3.0.0 |
| Application | Quarkus | Quarkus-security | 1.0.0 |