h2oai — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting h2oai. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by h2oai:h2oai/h2o-3 h2o-3

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3960	Remote Code Execution in h2oai/h2o-3 — h2oai/h2o-3CWE-94	9.8^AI	Critical^AI	2026-04-23
CVE-2024-5986	Remote Arbitrary File Write with Arbitrary Data in h2oai/h2o-3 — h2oai/h2o-3CWE-73	9.8^AI	Critical^AI	2026-02-02
CVE-2025-10769	h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization — h2o-3CWE-502	6.3	Medium	2025-09-21
CVE-2025-10768	h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization — h2o-3CWE-502	6.3	Medium	2025-09-21
CVE-2025-6544	Deserialization Vulnerability in h2oai/h2o-3 — h2oai/h2o-3CWE-502	9.8^AI	Critical^AI	2025-09-21
CVE-2025-5662	Deserialization Vulnerability in h2oai/h2o-3 — h2oai/h2o-3CWE-502	9.8	-	2025-09-02
CVE-2025-6507	Deserialization of Untrusted Data in h2oai/h2o-3 — h2oai/h2o-3CWE-502	9.8	-	2025-09-01
CVE-2024-10549	Denial of Service by ReDOS in h2oai/h2o-3 — h2oai/h2o-3CWE-1333	7.5	-	2025-03-20
CVE-2024-8062	Denial of Service in h2oai/h2o-3 — h2oai/h2o-3CWE-1088	7.5	-	2025-03-20
CVE-2024-7768	Denial of Service in h2oai/h2o-3 — h2oai/h2o-3CWE-770	7.5	-	2025-03-20
CVE-2024-6863	Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3 — h2oai/h2o-3CWE-749	9.1	-	2025-03-20
CVE-2024-8616	Arbitrary File Overwrite in h2oai/h2o-3 — h2oai/h2o-3CWE-73	8.6	-	2025-03-20
CVE-2024-10550	Denial of Service by ReDOS in h2oai/h2o-3 — h2oai/h2o-3CWE-1333	7.5	-	2025-03-20
CVE-2024-6854	Arbitrary File Overwrite in h2oai/h2o-3 — h2oai/h2o-3CWE-36	7.5	-	2025-03-20
CVE-2024-10572	Denial of Service and Arbitrary File Write in h2oai/h2o-3 — h2oai/h2o-3CWE-94	9.1	-	2025-03-20
CVE-2024-10553	Jdbc Deserialization in h2oai/h2o-3 — h2oai/h2o-3CWE-502	9.8	-	2025-03-20
CVE-2024-7765	Denial of Service in h2oai/h2o-3 — h2oai/h2o-3CWE-409	7.5	-	2025-03-20
CVE-2024-8862	h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization — h2o-3CWE-502	7.3	High	2024-09-14
CVE-2024-5979	Denial of Service via Invalid Argument in h2oai/h2o-3 — h2oai/h2o-3CWE-94	7.5^AI	High^AI	2024-06-27
CVE-2024-5550	Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3 — h2oai/h2o-3CWE-22	4.3^AI	Medium^AI	2024-06-06
CVE-2024-1456	S3 Bucket Takeover in h2oai/h2o-3 — h2oai/h2o-3CWE-840	9.8	-	2024-04-16
CVE-2023-6569	External Control of File Name or Path in h2oai/h2o-3 — h2oai/h2o-3CWE-73	7.1^AI	High^AI	2023-12-14
CVE-2023-6013	H2O Local File Include — h2oai/h2o-3CWE-79	5.4	-	2023-11-16
CVE-2023-6017	H2O S3 Bucket Takeover — h2oai/h2o-3CWE-840	9.3	-	2023-11-16
CVE-2023-6038	Local File Inclusion in h2oai/h2o-3 — h2oai/h2o-3CWE-862	7.5	-	2023-11-16
CVE-2023-6016	H2O Remote Code Execution via POJO Model Import — h2oai/h2o-3CWE-94	8.8	-	2023-11-16

This page lists every published CVE security advisory associated with h2oai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

h2oai — Vulnerabilities & Security Advisories 26