io.quarkus:quarkus-vertx-http (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package io.quarkus:quarkus-vertx-http, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2026-39852 — CVSS 8.2 (high): Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7…
CVE-2023-4853 — CVSS 8.1 (high): A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting…
CVE-2022-4147 — CVSS 7.5 (high): Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with…
CVE-2023-0044 — CVSS 6.1 (medium): If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead…