Browse all 4 CVE security advisories affecting typelevel. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Typelevel is a functional programming library ecosystem for Scala, focusing on type-safe abstractions and compositional design. Historically, vulnerabilities have included remote code execution in parser components, cross-site scripting in web integrations, and privilege escalation in authentication modules. The project maintains a strong emphasis on type safety which mitigates certain vulnerability classes, though its complex dependency chains have introduced supply chain risks. While no major public security incidents have been documented, the 4 recorded CVEs highlight potential risks in parsing and web-related components, particularly when integrating with untrusted inputs or legacy systems.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-58369 | fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side | fs2 | CWE-400 | 5.3 | Medium | 2025-09-05 |
| CVE-2023-50730 | Grackle has StackOverflowError in GraphQL query processing | grackle | CWE-400 | 7.5 | High | 2023-12-22 |
| CVE-2022-31183 | mTLS client verification is skipped in fs2 on Node.js | fs2 | CWE-295 | 9.1 | Critical | 2022-08-01 |
| CVE-2022-21653 | Hash collision in typelevel jawn | jawn | CWE-400 | 5.9 | Medium | 2022-01-05 |
This page lists every published CVE security advisory associated with typelevel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.