Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-wj3h-wx8g-x699
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O has an External Control of File Name or Path vulnerability 02 Feb
  • No fix available
  • Severity - 9.1 (Critical)
GHSA-5w3j-gwgh-4rfv
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O affected by a deserialization vulnerability 22 Sep 2025
  • No fix available
  • Severity - 9.8 (Critical)
GHSA-g48v-3p35-88jr
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O Vulnerable to Arbitrary File Overwrite 20 Mar 2025
  • No fix available
  • Severity - 8.2 (High)
GHSA-5c8j-g96x-cj78
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request 20 Mar 2025
  • No fix available
  • Severity - 7.5 (High)
GHSA-6w62-3jvj-mfj6
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing 20 Mar 2025
  • No fix available
  • Severity - 7.5 (High)
GHSA-p2vc-m5fv-9w9m
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint 20 Mar 2025
  • No fix available
  • Severity - 7.5 (High)
GHSA-47f6-5p7h-5f3h
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O Vulnerable to Arbitrary File Overwrite via File Export 20 Mar 2025
  • No fix available
  • Severity - 7.1 (High)
GHSA-m37h-8r48-2cxj
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O Vulnerable to Execution of Arbitrary Files 20 Mar 2025
  • No fix available
  • Severity - 6.5 (Medium)
GHSA-7qq7-pvm9-x8rf
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint 20 Mar 2025
  • No fix available
  • Severity - 7.5 (High)
GHSA-h7xg-cmpp-48hf
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O Deserialization of Untrusted Data Vulnerability 20 Mar 2025
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-wjpv-64v2-2qpq
  • Maven/ai.h2o:h2o-ext-xgboost
  • PyPI/h2o
 H2O Vulnerable to Denial of Service (DoS) and File Write 20 Mar 2025
  • No fix available
  • Severity - 7.5 (High)
GHSA-wwr9-4gmr-xvq9
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint 20 Mar 2025
  • No fix available
  • Severity - 7.5 (High)
GHSA-hrmc-jmp7-mpm2
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL 06 Sep 2024
  • No fix available
  • Severity - 9.1 (Critical)
GHSA-58m3-rcvp-f9ww
  • PyPI/h2o
 h2o vulnerable to unexpected POST request shutting down server 27 Jun 2024
  • No fix available
  • Severity - 7.5 (High)
GHSA-x234-r5fg-x52m
  • PyPI/h2o
 Arbitrary system path lookup in h20 06 Jun 2024
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-gqrq-j6pm-98c2
  • PyPI/h2o
 External Control of File Name or Path in h2oai/h2o-3 14 Dec 2023
  • Fix available
  • Severity - 9.3 (Critical)