yhirose — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting yhirose. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Yhirose develops JavaScript libraries for web development, with a core use case of providing utility functions for frontend applications. Historically, common vulnerabilities include cross-site scripting (XSS) due to improper input sanitization, remote code execution (RCE) from unsafe evaluation methods, and privilege escalation through flawed access controls. While no major public incidents have been widely documented, the 15 CVEs on record highlight recurring issues in input handling and dynamic code execution. Security characteristics often involve insufficient validation of user-supplied data, leading to potential client-side compromises. The library's widespread adoption increases its attack surface, making proper usage and input validation critical for implementing secure applications.

Top products by yhirose: cpp-httplib
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34441 | cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body | cpp-httplib | CWE-444 | 4.8 | Medium | 2026-03-31 |
| CVE-2026-33745 | cpp-httplib Client Leaks Authentication Credentials to Untrusted Hosts on Cross-Origin HTTP Redirect | cpp-httplib | CWE-200 | 7.4 | High | 2026-03-27 |
| CVE-2026-32627 | cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy | cpp-httplib | CWE-295 | 8.7 | High | 2026-03-13 |
| CVE-2026-31870 | cpp-httplib Affected by Remote Process Crash via Malformed Content-Length Response Header | cpp-httplib | CWE-248 | 7.5 | High | 2026-03-11 |
| CVE-2026-29076 | cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing | cpp-httplib | CWE-674 | 5.9 | Medium | 2026-03-07 |
| CVE-2026-28435 | Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies in cpp-httplib | cpp-httplib | CWE-400 | 7.5 | High | 2026-03-04 |
| CVE-2026-28434 | cpp-httplib's default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header | cpp-httplib | CWE-200 | 5.3 | Medium | 2026-03-04 |
| CVE-2026-22776 | cpp-httplib vulnerable to a denial of service (DOS) using a zip bomb | cpp-httplib | CWE-409 | 7.5 (AI) | High (AI) | 2026-01-12 |
| CVE-2026-21428 | cpp-httplib has CRLF injection in http headers | cpp-httplib | CWE-93 | 9.1 | - | 2026-01-01 |
| CVE-2025-66577 | cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust | cpp-httplib | CWE-117 | 5.3 | Medium | 2025-12-05 |
| CVE-2025-66570 | cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*) | cpp-httplib | CWE-290 | 10.0 | Critical | 2025-12-05 |
| CVE-2025-53629 | cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability | cpp-httplib | CWE-770 | 7.5 | High | 2025-07-10 |
| CVE-2025-53628 | cpp-httplib does not limit the length of a line | cpp-httplib | CWE-835 | 7.5 (AI) | High (AI) | 2025-07-10 |
| CVE-2025-52887 | cpp-httplib has unlimited number of http header fields, which causes memory leak | cpp-httplib | CWE-400 | 7.5 | High | 2025-06-26 |
| CVE-2025-46728 | cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests | cpp-httplib | CWE-400 | 7.5 | High | 2025-05-06 |

This page lists every published CVE security advisory associated with yhirose. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.