10 Total advisories
10 Vulnerabilities
0 Malware
Vulnerabilities
| Severity | Score | ID | Advisory |
| --- | --- | --- | --- |
| HIGH | 8.9 | CVE-2026-23527 | h3 v1 has Request Smuggling (TE.TE) issue |
| LOW | 3.7 | CVE-2026-33490 | h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes |
| MEDIUM | 5.3 | GHSA-q5pr-72pq-83v3 | H3: Unbounded Chunked Cookie Count in Session Cleanup Loop may Lead to Denial of Service |
| MEDIUM | 5.4 | GHSA-fp4x-ggrf-wmc6 | H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation |
| HIGH | 7.4 | CVE-2026-33131 | h3 has a middleware bypass with one gadget |
| HIGH | 7.5 | CVE-2026-33128 | h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields |
| MEDIUM | 5.9 | CVE-2026-33129 | h3 has an observable timing discrepancy in basic auth utils |
| MEDIUM | 5.9 | GHSA-72gr-qfp7-vwhw | h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e` |
| MEDIUM | 5.3 | GHSA-4hxc-9384-m385 | h3: SSE Event Injection via Unsanitized Carriage Return (`\r`) in EventStream Data and Comment Fields (Bypass of CVE Fix) |
| MEDIUM | 5.9 | GHSA-wr4h-v87w-p3r7 | h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read |