io.vertx:vertx-web (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package io.vertx:vertx-web, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2019-17640 — CVSS 9.8 (critical): In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1…
CVE-2018-12542 — CVSS 9.8 (critical): In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a…
CVE-2020-35217 — CVSS 8.8 (high): Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request…
CVE-2018-12540 — CVSS 8.8 (high): In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form…
CVE-2025-11965 — CVSS 7.5 (high): In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails…
CVE-2025-11966 — CVSS 6.4 (medium): In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted…
CVE-2023-24815 — CVSS 4.8 (medium): Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications…