io.netty:netty-codec-http2 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-50560Mediumio.netty:netty-codec-http2: Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signatureCVE-2026-48043Mediumio.netty:netty-codec-http2: netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to…CVE-2026-47244Mediumio.netty:netty-codec-http2: Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforcedCVE-2026-42587Highio.netty:netty-codec-http: Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy…CVE-2026-33871Highio.netty:netty-codec-http2: Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame BypassCVE-2025-55163Highio.netty:netty-codec-http2: Netty affected by MadeYouReset HTTP/2 DDoS vulnerabilityGHSA-XPW8-RCWV-8F8PHighio.netty:netty-codec-http2: io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset AttackCVE-2021-21409Mediumio.netty:netty-codec-http2: Possible request smuggling in HTTP/2 due missing validation of content-lengthCVE-2021-21295Mediumio.netty:netty-codec-http2: Possible request smuggling in HTTP/2 due missing validation

Stop the waste.
Protect your environment with Kodem.