Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

h2oai/h2o-3 — Vulnerabilities & Security Advisories 23

All 23 CVE vulnerabilities found in h2oai/h2o-3, with AI-generated Chinese analysis, references, and POCs.

Vendor: h2oai

CVE IDTitleCVSSSeverityPublished
CVE-2026-3960 Remote Code Execution in h2oai/h2o-3 CWE-94 9.8AICriticalAI2026-04-23
CVE-2024-5986 Remote Arbitrary File Write with Arbitrary Data in h2oai/h2o-3 CWE-73 9.8AICriticalAI2026-02-02
CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3 CWE-502 9.8AICriticalAI2025-09-21
CVE-2025-5662 Deserialization Vulnerability in h2oai/h2o-3 CWE-502 9.8 -2025-09-02
CVE-2025-6507 Deserialization of Untrusted Data in h2oai/h2o-3 CWE-502 9.8 -2025-09-01
CVE-2024-10549 Denial of Service by ReDOS in h2oai/h2o-3 CWE-1333 7.5 -2025-03-20
CVE-2024-8062 Denial of Service in h2oai/h2o-3 CWE-1088 7.5 -2025-03-20
CVE-2024-7768 Denial of Service in h2oai/h2o-3 CWE-770 7.5 -2025-03-20
CVE-2024-6863 Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3 CWE-749 9.1 -2025-03-20
CVE-2024-8616 Arbitrary File Overwrite in h2oai/h2o-3 CWE-73 8.6 -2025-03-20
CVE-2024-10550 Denial of Service by ReDOS in h2oai/h2o-3 CWE-1333 7.5 -2025-03-20
CVE-2024-6854 Arbitrary File Overwrite in h2oai/h2o-3 CWE-36 7.5 -2025-03-20
CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3 CWE-94 9.1 -2025-03-20
CVE-2024-10553 Jdbc Deserialization in h2oai/h2o-3 CWE-502 9.8 -2025-03-20
CVE-2024-7765 Denial of Service in h2oai/h2o-3 CWE-409 7.5 -2025-03-20
CVE-2024-5979 Denial of Service via Invalid Argument in h2oai/h2o-3 CWE-94 7.5AIHighAI2024-06-27
CVE-2024-5550 Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3 CWE-22 4.3AIMediumAI2024-06-06
CVE-2024-1456 S3 Bucket Takeover in h2oai/h2o-3 CWE-840 9.8 -2024-04-16
CVE-2023-6569 External Control of File Name or Path in h2oai/h2o-3 CWE-73 7.1AIHighAI2023-12-14
CVE-2023-6013 H2O Local File Include CWE-79 5.4 -2023-11-16
CVE-2023-6017 H2O S3 Bucket Takeover CWE-840 9.3 -2023-11-16
CVE-2023-6038 Local File Inclusion in h2oai/h2o-3 CWE-862 7.5 -2023-11-16
CVE-2023-6016 H2O Remote Code Execution via POJO Model Import CWE-94 8.8 -2023-11-16

All 23 known CVE vulnerabilities affecting h2oai/h2o-3 with full Chinese analysis, references, and POCs where available.