pkg:PyPI/h2o

All known vulnerabilities

• CRITICAL9.8CVE-2025-6544H2O affected by a deserialization vulnerability
  from 0, <= 3.46.0.7
• CRITICAL9.8CVE-2024-10553H2O Deserialization of Untrusted Data Vulnerability
  from 0, < 3.46.0.6
• CRITICAL9.3CVE-2023-6569External Control of File Name or Path in h2oai/h2o-3
  from 0, < 3.46.0.1
• CRITICAL9.1H2O has an External Control of File Name or Path vulnerability
  from 0, <= 3.46.0.1
• CRITICAL9.1H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL
  from 0, <= 3.46.0.7
• HIGH8.2H2O Vulnerable to Arbitrary File Overwrite
  >= 3.10.4.1, <= 3.46.0
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request
  >= 3.2.0.1, <= 3.46.0
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
  >= 3.32.1.2, <= 3.46.0.2
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint
  from 0, <= 3.46.1
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) and File Write
  >= 3.34.0.1, <= 3.46.0.1
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint
  >= 3.30.0.7, <= 3.46.0.1
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint
  >= 3.30.0.7, <= 3.46.0.1
• HIGH7.5h2o vulnerable to unexpected POST request shutting down server
  from 0, <= 3.46.0
• HIGH7.1H2O Vulnerable to Arbitrary File Overwrite via File Export
  >= 3.32.1.1, <= 3.46.0
• MEDIUM6.5H2O Vulnerable to Execution of Arbitrary Files
  >= 3.32.1.2, <= 3.46.0
• MEDIUM5.3Arbitrary system path lookup in h20
  from 0, <= 3.40.0.4