Browse all 10 CVE security advisories affecting h2o. AI-powered Chinese analysis, POCs, and references for each vulnerability.
H2o serves as an open-source machine learning platform primarily used for training and deploying predictive models. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure deserialization. The platform's Java-based architecture and web interface have contributed to these security issues. While no major public security incidents have been widely reported, the 10 documented CVEs highlight consistent security challenges, particularly in authentication and data handling components. Organizations implementing H2o should prioritize regular updates and input sanitization to mitigate these recurring risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-45402 | Picotls double free — picotlsCWE-415 | 8.6 | High | 2024-10-11 |
This page lists every published CVE security advisory associated with h2o. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.