
Quarkus Quarkus
Quarkus authorization bypass via semicolon path normalization inconsistency

Risk 57
Severity
8.8
First published (updated )

Quarkus Quarkus REST
Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write

Risk 43
Severity
7.5
First published (updated )

Red Hat Quarkus
Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass

Risk 66
Severity
9.1
First published (updated )

maven/io.quarkus:quarkus-smallrye-graphql-client
Quarkus: graphql operations over websockets bypass

Risk 48
Severity
9.1
EPSS
0.07%
First published (updated )

Quarkus Quarkus
Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.

Risk 91
Severity
9.8
First published (updated )
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Quarkus Quarkus
Quarkus: build env information disclosure via gradle plugin

Risk 32
Severity
7.7
EPSS
2.42%
First published (updated )

maven/io.quarkus:quarkus-keycloak-authorization
Quarkus: http security policy bypass

Risk 79
Severity
8.1
First published (updated )

maven/io.quarkus:quarkus-oidc
Quarkus-oidc: id and access tokens leak via the authorization code flow

Risk 46
Severity
7.5
First published (updated )

maven/io.quarkus.resteasy.reactive:resteasy-reactive-common
In Quarkus' RESTEasy Reactive component, usage of File.createTempFile() class in the FileBodyHandler…

Risk 18
Severity
3.3
First published (updated )

redhat/quarkus-vertx-http
XSS, CSRF

Risk 39
Severity
6.1
First published (updated )

Quarkus Quarkus
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET o…

Risk 72
Severity
7.5
First published (updated )

Quarkus Quarkus
Code Injection

Risk 89
Severity
9.8
First published (updated )

redhat/candlepin
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur …

Risk 46
Severity
7.5
First published (updated )

redhat/eap7-jackson-databind
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a ch…

Risk 46
Severity
7.5
First published (updated )

Quarkus Quarkus
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to u…

Risk 86
Severity
9.8
First published (updated )

redhat/quarkus
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web …

Risk 81
Severity
8.8
First published (updated )

PostgreSQL PostgreSQL JDBC driver
Unchecked Class Instantiation when providing Plugin Classes

Risk 88
Severity
9.8
First published (updated )

IBM Data Virtualization on Cloud Pak for Data
An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could …

Risk 63
Severity
6.6
First published (updated )

redhat/rh-sso7-keycloak
HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling

Risk 39
Severity
6.5
First published (updated )

Quarkus Quarkus
MySQL Connector/J has no security check when external general entities are included in XML sources, …

Risk 57
Severity
7.9
First published (updated )

Oracle Financial Services Enterprise Case Management
Timing Attack Vulnerability for Apache Kafka Connect and Clients

Risk 37
Severity
5.9
First published (updated )

Oracle Banking Digital Experience
Last updated 24 July 2024

Risk 45
Severity
7.5
First published (updated )

Oracle Banking Digital Experience
Last updated 24 July 2024

Risk 45
Severity
7.5
First published (updated )

redhat/eap7-apache-cxf
Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions

Risk 45
Severity
7.5
First published (updated )

redhat/eap7-wildfly-elytron
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled…

Risk 33
Severity
5.3
First published (updated )

IBM Cloud Pak for Business Automation
block repositories using http by default

Risk 69
Severity
9.1
First published (updated )

Gradle Gradle
Repository content filters do not work in Settings pluginManagement

Risk 67
Severity
8
First published (updated )

Gradle Gradle
Information disclosure through temporary directory permissions

Risk 33
Severity
5.5
First published (updated )

Gradle Gradle
Local privilege escalation through system temporary directory

Risk 75
Severity
8.8
First published (updated )

redhat/eap7-apache-commons-io
Input Validation

Risk 45
Severity
7.5
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203