SecAlerts
CVE ListPricingSign Up
netty logo

netty

Security Risk Profile

45
/100
medium

Security Risk Score

Comprehensive risk assessment based on 83 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from April 30, 2014 to present

83
Total CVEs
48
Critical+High
1
Exploited
5
Unpatched

Threat Assessment

Avg CVSS
6.9
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
5
Critical/High
Risk Level
45/100
medium
⚠️ 1 Active Exploits 1 Zero-Days🆕 9Fresh (<7d)📈 24 in Last 30 Days

Severity Distribution

Critical
8
High
40
Medium
30
Low
2

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
3

Age Distribution

Common Weaknesses (CWE)

1
Input Validation
7
2
CRLF Injection
5
3
Infoleak
4
4
XSS
4
5
Command Injection
2

Most Affected Products

1. Netty Netty199
2. redhat/eap7-netty38
3. Lightbend Play Framework38
4. playframework Play Framework36
5. Debian Debian Linux32

Recent Vulnerabilities

See more →
CVE-2026-50560
CVSS 6.9medium

Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

6/12/2026
CVE-2026-50020
CVSS 5.3medium

Netty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

6/12/2026
CVE-2026-50011
CVSS 7.5high

Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length

6/12/2026
CVE-2026-50010
CVSS 7.5high

Netty's wrapping plain trust manager silently disables hostname verification

6/12/2026
CVE-2026-50009
CVSS 4.8medium

Netty QUIC stateless reset token material exposed through header-visible connection IDs

6/12/2026
CVE-2026-48748
CVSS 7.5high

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

6/12/2026
CVE-2026-48059
CVSS 8.7high

Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

6/11/2026
CVE-2026-48043
CVSS 7.5high

netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

6/11/2026
CVE-2026-48006
CVSS 8.7high

Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

6/11/2026
CVE-2026-47691
CVSS 10.0critical

Netty has Insufficient Bailiwick Validation for NS Records

6/8/2026

Monitor netty in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

netty Security Vulnerabilities & Risk Score | 83 CVEs | SecAlerts - SecAlerts