io.netty:netty-codec-http2 (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package io.netty:netty-codec-http2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2026-33871 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user…
CVE-2026-42587 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor…
CVE-2025-55163 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable…
CVE-2021-21295 — CVSS 5.9 (medium): Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance…
CVE-2021-21409 — CVSS 5.9 (medium): Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance…
CVE-2026-47244 — CVSS 5.3 (medium): Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final…
CVE-2026-48043 — CVSS 5.3 (medium): Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions…
CVE-2026-50560 — CVSS 5.3 (medium): Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final…