Every CVE whose affected-product data names Apache Brpc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-31039 — CVSS 9.8 (critical): Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An…
CVE-2025-60021 — CVSS 9.8 (critical): Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows…
CVE-2024-23452 — CVSS 7.5 (high): Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request…
CVE-2025-54472 — CVSS 7.5 (high): Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the…
CVE-2025-59789 — CVSS 7.5 (high): Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the…
CVE-2023-45757 — CVSS 6.1 (medium): Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker…