quarkus

Security Risk Profile

/100

medium

Security Risk Score

Comprehensive risk assessment based on 48 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from January 15, 2019 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

7.2

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

53/100

medium

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

Input Validation

Infoleak

XSS

SQL Injection

XEE

Most Affected Products

1. Quarkus Quarkus63

2. redhat/eap7-wildfly50

3. redhat/eap7-jboss-server-migration48

4. redhat/eap7-wildfly-elytron47

5. redhat/eap7-undertow42

Recent Vulnerabilities

See more →

CVE-2026-39852

CVSS 8.8high

Quarkus authorization bypass via semicolon path normalization inconsistency

4/13/2026

CVE-2025-66560

CVSS 7.5high

Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write

1/7/2026

CVE-2024-12225

CVSS 9.1critical

Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass

12/5/2024🔧 No Patch

CVE-2023-6394

CVSS 9.1EPSS 0%critical

Quarkus: graphql operations over websockets bypass

11/30/2023

CVE-2023-6267

CVSS 9.8critical

Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.

11/23/2023

CVE-2023-5720

CVSS 7.7EPSS 2%high

Quarkus: build env information disclosure via gradle plugin

10/23/2023🔧 No Patch

CVE-2023-4853

CVSS 8.1high

Quarkus: http security policy bypass

9/8/2023

CVE-2023-1584

CVSS 7.5high

Quarkus-oidc: id and access tokens leak via the authorization code flow

Monitor quarkus in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo