Browse all 8 CVE security advisories affecting http4s. AI-powered Chinese analysis, POCs, and references for each vulnerability.
http4s is a functional Scala library for building HTTP servers and clients, primarily used in backend services and microservices architectures. Historically, its vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major security incidents have been widely documented, the 8 recorded CVEs highlight potential risks in areas like request handling and dependency management. The library's functional design provides some inherent security benefits through immutability, but developers must remain vigilant about third-party dependencies and proper input sanitization to mitigate common web application threats.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-21293 | Unbounded connection acceptance leads to file handle exhaustion — blazeCWE-400 | 7.5 | High | 2021-02-02 |
This page lists every published CVE security advisory associated with http4s. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.