✅ Check your installed version
All known vulnerabilities
CRITICAL9.8CVE-2025-6544H2O affected by a deserialization vulnerability from 0, <= 3.46.0.7
CRITICAL9.8CVE-2024-10553H2O Deserialization of Untrusted Data Vulnerability from 0, < 3.46.0.6
from 0, <= 3.40.0.4
CRITICAL9.1CVE-2024-5986H2O has an External Control of File Name or Path vulnerability from 0, <= 3.46.0.1
CRITICAL9.1CVE-2024-45758H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL from 0, <= 3.46.0.7
>= 3.10.4.1, <= 3.46.0
HIGH7.5CVE-2024-8062H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request >= 3.2.0.1, <= 3.46.0
HIGH7.5CVE-2024-7765H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing >= 3.32.1.2, <= 3.46.0.2
HIGH7.5CVE-2024-7768H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint from 0, <= 3.46.1
HIGH7.5CVE-2024-10549H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint >= 3.30.0.7, <= 3.46.0.1
HIGH7.5CVE-2024-10550H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint >= 3.30.0.7, <= 3.46.0.1
HIGH7.5CVE-2024-6960H2O vulnerable to Deserialization of Untrusted Data from 0, <= 3.46.0.4
HIGH7.1CVE-2024-6854H2O Vulnerable to Arbitrary File Overwrite via File Export >= 3.32.1.1, <= 3.46.0
MEDIUM6.5CVE-2024-6863H2O Vulnerable to Execution of Arbitrary Files >= 3.32.1.2, <= 3.46.0
from 0, < 3.46.0.10