Homepage

mod_http2 vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mod_http2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
Information Exposure

<0:1.15.7-10.module+el8.10.0+90652+bef864ba.4
  • H
Integer Overflow or Wraparound

<0:1.15.7-10.module+el8.10.0+90652+bef864ba.4
  • H
Improper Neutralization

<0:1.15.7-10.module+el8.10.0+90652+bef864ba.4
  • H
CVE-2025-66200

<0:1.15.7-10.module+el8.10.0+90652+bef864ba.4
  • M
Improper Access Control

<0:1.15.7-10.module+el8.10.0+90652+bef864ba.4
  • M
Improper Authentication

<0:1.15.7-10.module+el8.10.0+90652+bef864ba.4
  • M
Reachable Assertion

<0:1.15.7-10.module+el8.10.0+90652+bef864ba.4
  • M
Improper Neutralization

<0:1.15.7-10.module+el8.10.0+90652+bef864ba.4
  • H
CVE-2024-38476

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
  • H
Improper Encoding or Escaping of Output

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
  • H
NULL Pointer Dereference

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
  • H
Improper Encoding or Escaping of Output

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
  • H
Improper Input Validation

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
  • H
Improper Encoding or Escaping of Output

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
  • M
CVE-2023-38709

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
  • M
Improper Resource Shutdown or Release

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
  • M
Out-of-bounds Read

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
  • H
Allocation of Resources Without Limits or Throttling

<0:1.15.7-8.module+el8.9.0+90299+1db10a42.5
  • M
HTTP Request Smuggling

<0:1.15.7-8.module+el8.8.0+21057+13668aee.3
  • H
HTTP Request Smuggling

<0:1.15.7-5.module+el8.7.0+21029+de29ba63.4
  • M
HTTP Request Smuggling

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Out-of-bounds Write

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
HTTP Response Splitting

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Integer Overflow or Wraparound

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Improper Initialization

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
CVE-2022-30556

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Out-of-bounds Write

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
HTTP Request Smuggling

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Integer Overflow or Wraparound

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Allocation of Resources Without Limits or Throttling

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Allocation of Resources Without Limits or Throttling

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Integer Overflow or Wraparound

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • H
Insufficient Verification of Data Authenticity

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • L
NULL Pointer Dereference

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
NULL Pointer Dereference

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Out-of-bounds Write

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
Out-of-bounds Read

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • M
CVE-2021-33193

<0:1.15.7-5.module+el8.6.0+20548+01710940
  • H
HTTP Request Smuggling

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • H
Out-of-bounds Write

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • H
Out-of-bounds Write

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • H
NULL Pointer Dereference

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • H
Out-of-bounds Write

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • M
CVE-2021-30641

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • H
NULL Pointer Dereference

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • H
Server-Side Request Forgery (SSRF)

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • H
Out-of-bounds Write

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • M
HTTP Request Smuggling

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • M
Buffer Overflow

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • M
Use After Free

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • M
Cross-site Scripting (XSS)

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • M
NULL Pointer Dereference

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • M
Use After Free

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • M
Out-of-bounds Write

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • M
Resource Exhaustion

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • M
HTTP Request Smuggling

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • M
Open Redirect

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • M
Open Redirect

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • M
Use of Uninitialized Resource

<0:1.15.7-2.module+el8.3.0+7816+49791cfd
  • H
HTTP Request Smuggling

<0:1.11.3-3.module+el8.2.0+7789+dac765eb.1
  • M
Session Fixation

<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
  • H
Allocation of Resources Without Limits or Throttling

<0:1.11.3-3.module+el8.0.0+5348+de75177e
  • M
Race Condition

<0:1.11.3-3.module+el8.1.0+5385+dcd9ff33
  • M
Use of Incorrectly-Resolved Name or Reference

<0:1.11.3-3.module+el8.1.0+5385+dcd9ff33
  • H
Use After Free

<0:1.11.3-2.module+el8.0.0+5209+a98d70d6
  • H
CVE-2019-0215

<0:1.11.3-2.module+el8.0.0+5209+a98d70d6