wildfly | Snyk

Direct Vulnerabilities

Known vulnerabilities in the wildfly package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-fw88-pf9m-p947	<40.0.0-r0
L GHSA-5qcv-4rpc-jp93	<40.0.0-r0
L GHSA-wf66-mphr-4c4r	<40.0.0-r0
L GHSA-3x3v-w654-m28m	<40.0.0-r0
L Information Exposure Through Server Log Files	<40.0.0-r0
L GHSA-3g76-f9xq-8vp6	<40.0.0-r0
C Missing Authentication for Critical Function	<40.0.0-r0
M Allocation of Resources Without Limits or Throttling	<40.0.0-r0
L Race Condition	<40.0.0-r0
H Allocation of Resources Without Limits or Throttling	<40.0.0-r0
H HTTP Response Splitting	<39.0.1-r11
L GHSA-45q3-82m4-75jr	<39.0.1-r11
L GHSA-mj4r-2hfc-f8p6	<39.0.1-r10
L Resource Exhaustion	<39.0.1-r10
L Missing Release of Resource after Effective Lifetime	<39.0.1-r9
L GHSA-rwm7-x88c-3g2p	<39.0.1-r9
L Resource Exhaustion	<39.0.1-r9
L GHSA-f6hv-jmp6-3vwv	<39.0.1-r9
C Improper Input Validation	<39.0.1-r8
L GHSA-cm33-6792-r9fm	<39.0.1-r8
L GHSA-g36m-9g3m-2vmp	<39.0.1-r7
L Resource Exhaustion	<39.0.1-r7
L GHSA-287c-fxr7-3w6c	<39.0.1-r7
H Server-Side Request Forgery (SSRF)	<39.0.1-r7
L Resource Exhaustion	<39.0.1-r7
L GHSA-2hfh-9h53-qc24	<39.0.1-r7
L CRLF Injection	<39.0.1-r6
L GHSA-v8h7-rr48-vmmv	<39.0.1-r6
L CVE-2026-5598	<39.0.1-r5
L CVE-2026-3505	<39.0.1-r5
L GHSA-wg6q-6289-32hp	<39.0.1-r5
L CVE-2026-5588	<39.0.1-r5
L GHSA-c3fc-8qff-9hwx	<39.0.1-r5
L GHSA-cj8j-37rh-8475	<39.0.1-r5
L CVE-2026-0636	<39.0.1-r5
L GHSA-p93r-85wp-75v3	<39.0.1-r5
L GHSA-w9fj-cfpg-grvv	<39.0.1-r3
H Allocation of Resources Without Limits or Throttling	<39.0.1-r3
L GHSA-pwqr-wmgm-9rr8	<39.0.1-r2
L HTTP Request Smuggling	<39.0.1-r2
H Improper Input Validation	<39.0.0-r0
L GHSA-xwmg-2g98-w7v9	<36.0.1-r6
L GHSA-389x-839f-4rhx	<35.0.1-r12
L GHSA-6h4f-pj3g-q8fq	<39.0.0-r0
L Resource Exhaustion	<35.0.1-r12
H Improper Neutralization	<36.0.1-r8
L Uncontrolled Recursion	<36.0.1-r6
L GHSA-cphf-4846-3xx9	<38.0.1-r2
L GHSA-72hv-8253-57qq	<39.0.1-r1
L GHSA-9342-92gg-6v29	<36.0.1-r8
H Improperly Controlled Sequential Memory Allocation	<35.0.1-r14
L GHSA-gfh6-3pqw-x2j4	<35.0.1-r14
M HTTP Request Smuggling	<38.0.1-r2
L GHSA-j288-q9x7-2f5v	<36.0.1-r6
L Uncontrolled Recursion	<36.0.1-r6
H Allocation of Resources Without Limits or Throttling	<37.0.0-r1
L GHSA-prj3-ccx8-p6x4	<37.0.0-r1
L GHSA-fghv-69vj-qj49	<37.0.1-r1
L CVE-2025-24970	<35.0.1-r12
L CVE-2025-48734	<36.0.1-r4
H HTTP Request Smuggling	<37.0.1-r1
L GHSA-wxr5-93ph-8wr9	<36.0.1-r4
L GHSA-36wv-v2qp-v4g4	<36.0.1-r7
L Resource Exhaustion	<36.0.1-r7
L GHSA-4g8c-wm8x-jfhw	<35.0.1-r12
L GHSA-vgq5-3255-v292	<36.0.1-r5
L CRLF Injection	<38.0.1-r1
L GHSA-84h7-rjj3-6jx4	<38.0.1-r1
L CVE-2025-27817	<36.0.1-r5
L CVE-2025-48913	<36.0.1-r8
L GHSA-3w85-5p9g-h334	<35.0.1-r17
L GHSA-95h4-w6j8-2rp8	<38.0.0-r0
L GHSA-g4px-6qhm-hqjm	<36.0.1-r8
M Insufficient Verification of Data Authenticity	<35.0.1-r16
M Incorrect Authorization	<35.0.1-r17
L Allocation of Resources Without Limits or Throttling	<38.0.0-r0
L GHSA-5565-3c98-g6jc	<35.0.1-r16
M XML External Entity (XXE) Injection	<36.0.1-r1
H Improper Handling of Highly Compressed Data (Data Amplification)	<37.0.1-r0
M Resource Exhaustion	<35.0.1-r12
L GHSA-j382-5jj3-vw4j	<39.0.0-r0
L GHSA-vrpq-qp53-qv56	<36.0.1-r1
L GHSA-78wr-2p64-hpwj	<35.0.1-r12
L GHSA-3p8m-j85q-pgmj	<37.0.1-r0
C Improper Input Validation	<39.0.0-r0

Vulnerability

Vulnerable Version

GHSA-fw88-pf9m-p947

<40.0.0-r0