io.vertx:vertx-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package io.vertx:vertx-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2018-12544 — CVSS 9.8 (critical): In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense…
CVE-2018-12541 — CVSS 6.5 (medium): In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the…
CVE-2024-1023 — CVSS 6.5 (medium): A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically…
CVE-2024-1300 — CVSS 5.4 (medium): A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an…
CVE-2018-12537 — CVSS 5.3 (medium): In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and…
CVE-2026-1002 — CVSS 5.3 (medium): The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using…
CVE-2026-6860 — CVSS 5.3 (medium): A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard…