ROOT-APP-MAVEN-CVE-2026-45416 CVE-2026-45416 in io.root.io.netty:netty-handler - Patched by Root

Root has patched CVE-2026-45416 in the io.root.io.netty:netty-handler package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-44249 CVE-2026-44249 in io.root.io.netty:netty-handler - Patched by Root

Root has patched CVE-2026-44249 in the io.root.io.netty:netty-handler package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-42578 CVE-2026-42578 in io.root.io.netty:netty-handler-proxy - Patched by Root

Root has patched CVE-2026-42578 in the io.root.io.netty:netty-handler-proxy package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-24970 CVE-2025-24970 in io.root.io.netty:netty-handler - Patched by Root

Root has patched CVE-2025-24970 in the io.root.io.netty:netty-handler package for Root:Maven. Multiple fixed versions available...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +4133 more potentially affected by CVE-2026-45416 via io.netty:netty-handler (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-handler MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =4.7.4, =4.7.4, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-45416 Source advisory: OSV:GHSA-X4GW-5CX5-PGMH...

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +29615 more potentially affected by CVE-2026-45416 via io.netty:netty-handler (>=4.0.0.Alpha1 <=4.1.134.Final)

io.netty:netty-handler MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +4133 more potentially affected by CVE-2026-44249 via io.netty:netty-handler (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-handler MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =4.7.4, =4.7.4, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-44249 Source advisory: OSV:GHSA-3QP7-7MW8-WX86...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +29615 more potentially affected by CVE-2026-44249 via io.netty:netty-handler (>=4.0.0.Alpha1 <=4.1.134.Final)

io.netty:netty-handler MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.3 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +15781 more potentially affected by CVE-2026-42578 via io.netty:netty-handler-proxy (>=4.1.0.Beta4 <=4.1.132.Final)

io.netty:netty-handler-proxy MAVEN version =4.1.0.Beta4, =0.1.0-alpha.3, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

Security Bulletin: Vulnerability in netty-handler affects IBM Netezza Appliance

Summary The netty-handler package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-24970 Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in netty-handler (CVE-2025-24970)

Summary A vulnerability in Netty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version...

Security Bulletin: IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970.

Summary IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network...

Security Bulletin: There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24970)

Summary There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...

Security Bulletin: There is a vulnerability in netty-handler-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-24970)

Summary There is a vulnerability in netty-handler-4.1.101.Final.jar used by IBM Maximo Asset Management application CVE-2025-24970 Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version...

io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...

at.aimit.mariella:persistence-kotlin (>=1.0.5 <=1.0.8), cloud.piranha.http:piranha-http-netty (>=25.4.0 <=25.5.0) +654 more potentially affected by CVE-2025-24970 via io.netty:netty-handler (>=4.2.0.Alpha1 <=4.2.0.RC2)

io.netty:netty-handler MAVEN version =4.2.0.Alpha1, =1.0.5, =25.4.0, =25.4.0, =7.9.0, =18.0.0, =18.0.0, =18.0.0, =10.0.8, =3.12.1, =3.13.0-RC1 and more Source cves: CVE-2025-24970 Source advisory: SNYK:JAVA-IONETTY-8707739...

Improper Validation of Specified Quantity in Input

Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...

Withdrawn Advisory: Netty-handler does not validate host names by default

Withdrawn Advisory This advisory has been withdrawn because the underlying vulnerability only concerns Red Hat's Hot Rod client, which is not in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description Netty-handler...

as.leap:vertx-rpc (>=3.0.0 <=3.1.1), au.com.agiledigital:play-rest-support-testkit_2.11 (>=0.0.2 <=0.0.3) +2388 more potentially affected by CVE-2016-4970 via io.netty:netty-handler (>=4.0.0.Alpha1 <=4.0.36.Final)

io.netty:netty-handler MAVEN version =4.0.0.Alpha1, =3.0.0, =0.0.2, =2.1.1, =2.2.11, =2.2.11, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.0.7, =2.4.15 and more Source cves: CVE-2016-4970 Source advisory: OSV:GHSA-RV63-GQM8-9W8Q...