| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-59822 | Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section | http4s | http4s | - | - | 2025-09-23 18:54:43 | Deep Dive |
| CVE-2023-22465 | Http4s has fatal error parsing User-Agent and Server headers | http4s | http4s | High | 7.5 | 2023-01-04 15:30:04 | Deep Dive |
| CVE-2021-41084 | Response Splitting from unsanitized headers in http4s | http4s | http4s | High | 8.7 | 2021-09-21 17:20:14 | Deep Dive |
| CVE-2021-39185 | Default CORS config allows any origin with credentials | http4s | http4s | Critical | 9.1 | 2021-09-01 19:25:09 | Deep Dive |
| CVE-2021-32643 | StaticFile.fromUrl can leak presence of a directory | http4s | http4s | Medium | 5.8 | 2021-05-27 17:15:11 | Deep Dive |
| CVE-2021-21294 | Unbounded connection acceptance in http4s-blaze-server | http4s | http4s | High | 7.5 | 2021-02-02 21:40:19 | Deep Dive |
| CVE-2021-21293 | Unbounded connection acceptance leads to file handle exhaustion | http4s | blaze | High | 7.5 | 2021-02-02 21:35:17 | Deep Dive |
| CVE-2020-5280 | Local file inclusion vulnerability in http4s | http4s | http4s | High | 7.6 | 2020-03-25 17:45:17 | Deep Dive |