Browse all 8 CVE security advisories affecting http4s. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59822 | Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section — http4sCWE-444 | 6.5AI | MediumAI | 2025-09-23 |
| CVE-2023-22465 | Http4s has fatal error parsing User-Agent and Server headers — http4sCWE-20 | 7.5 | High | 2023-01-04 |
| CVE-2021-41084 | Response Splitting from unsanitized headers in http4s — http4sCWE-918 | 8.7 | High | 2021-09-21 |
| CVE-2021-39185 | Default CORS config allows any origin with credentials — http4sCWE-346 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-32643 | StaticFile.fromUrl can leak presence of a directory — http4sCWE-22 | 5.8 | Medium | 2021-05-27 |
| CVE-2021-21294 | Unbounded connection acceptance in http4s-blaze-server — http4sCWE-400 | 7.5 | High | 2021-02-02 |
| CVE-2021-21293 | Unbounded connection acceptance leads to file handle exhaustion — blazeCWE-400 | 7.5 | High | 2021-02-02 |
| CVE-2020-5280 | Local file inclusion vulnerability in http4s — http4sCWE-23 | 7.6 | High | 2020-03-25 |
This page lists every published CVE security advisory associated with http4s. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.