grpc
Security Risk Profile
46
/100
mediumSecurity Risk Score
Comprehensive risk assessment based on 18 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from April 14, 2017 to present
18
Total CVEs
12
Critical+High
1
Exploited
0
Unpatched
Threat Assessment
Avg CVSS
7.5
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
46/100
medium
⚠️ 1 Active Exploits⚡ 1 Zero-Days
Severity Distribution
Critical
6High
6Medium
5Low
0Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
2Age Distribution
Common Weaknesses (CWE)
1
Buffer Overflow
2
2
Input Validation
1
3
Use After Free
1
Most Affected Products
1. gRPC gRPC30
2. Apache Tomcat14
3. Microsoft Windows 1011
4. rubygems/grpc10
5. pip/grpcio9
Recent Vulnerabilities
See more →CVE-2026-33186
CVSS 9.1EPSS 0%critical
gRPC-Go has an authorization bypass via missing leading slash in :path
3/18/2026
REDHAT-BUG-2329003
CVSS 4.0medium
11/26/2024🔧 No Patch
CVE-2024-11407
CVSS 7.5high
Denial of Service through Data corruption in gRPC-C++
11/26/2024
CVE-2024-7246
CVSS 6.3EPSS 0%medium
HPACK table poisoning in gRPC C++, Python & Ruby
8/6/2024
https://seclists.org/oss-sec/2023/q4/144
unknown
CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations
10/18/2023🔧 No Patch
CVE-2023-44487
CVSS 7.5high
- Rapid Reset HTTP/2 vulnerability
10/9/2023⚠ Exploited⚡ Zero-Day
CVE-2023-4785
CVSS 7.5high
Denial of Service in gRPC Core
9/13/2023
CVE-2023-33953
CVSS 7.5high
Denial-of-Service in gRPC
8/9/2023
REDHAT-BUG-2214473
CVSS 4.0medium
6/13/2023🔧 No Patch
REDHAT-BUG-2214463
CVSS 4.0medium
6/13/2023🔧 No Patch
Monitor grpc in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.