http4s Summary

Latest vulnerabilities published by http4s

JSON RSS CSV 🔔 Create Alert Trigger

23 September 2025

HTTP Request Smuggling Vulnerability in Http4s by Http4s
CVE-2025-59822
Http4sHttp4s6.3MEDIUM

4 January 2023

Http4s has fatal error parsing User-Agent and Server headers
CVE-2023-22465
Http4sHttp4s7.5HIGH

21 September 2021

Response Splitting from unsanitized headers in http4s
CVE-2021-41084
Http4sHttp4s8.7HIGH

1 September 2021

Default CORS config allows any origin with credentials
CVE-2021-39185
Http4sHttp4s9.1CRITICAL

27 May 2021

StaticFile.fromUrl can leak presence of a directory
CVE-2021-32643
Http4sHttp4s5.8MEDIUM

2 February 2021

25 March 2020

Local file inclusion vulnerability in http4s
CVE-2020-5280
Http4sHttp4s7.6HIGH