Quarkus Security Vulnerabilities (CVEs)
Track 10 security vulnerabilities affecting Quarkus products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A thread exhaustion vulnerability in Quarkus REST HTTP layer causes worker threads to become permanently blocked when client connections drop during r...
Jan 7, 2026
This vulnerability in Quarkus's WebAuthn module allows attackers to bypass authentication by accessing default REST endpoints that remain active even ...
May 6, 2025
CVE-2023-6394 is an authentication bypass vulnerability in Quarkus where GraphQL operations over WebSocket connections are processed without proper ro...
Dec 9, 2023
This vulnerability in Quarkus allows attackers to access sensitive build system information that remains in artifacts created with the Gradle plugin. ...
Nov 15, 2023
This vulnerability in Quarkus allows attackers to bypass HTTP security policies by using specially crafted character permutations in requests. Affecte...
Sep 20, 2023
CVE-2022-0981 is an authorization bypass vulnerability in Quarkus's RestEasy Reactive component where user state and permissions can leak between web ...
Mar 23, 2022
CVE-2021-37136 is a denial-of-service vulnerability in Netty's Bzip2Decoder that allows attackers to trigger out-of-memory errors by sending specially...
Oct 19, 2021
Apache Maven follows repository references defined in dependency POM files, allowing malicious actors to redirect builds to compromised repositories. ...
Apr 23, 2021
This vulnerability allows local privilege escalation on Unix-like systems by exploiting insecure permissions in the system temporary directory. Attack...
Apr 13, 2021
This vulnerability in Google Guava's createTempDir() method creates temporary directories with world-readable permissions on Unix-like systems, allowi...
Dec 10, 2020

Why Monitor Quarkus Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 10+ known vulnerabilities affecting Quarkus products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Quarkus packages in under 60 seconds. No agents required - completely agentless scanning that works across Quarkus deployments.
Free vulnerability database: Access detailed information about every Quarkus CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Quarkus CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions