Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Red Hat
Openshift Serverless

Red Hat OpenShift Serverless Vulnerabilities: CVEs, CISA KEV & Security Advisories

16 CVEs

Red Hat OpenShift Serverless Vulnerabilities

CVE security advisories and vulnerability history for OpenShift Serverless by Red Hat.

16

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

2

Public exploits

With known exploit

6.6

Avg CVSS

2023–2026

Last updated January 30, 2026

Overview

Red Hat OpenShift Serverless has 16 published CVE records since 2023, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 2 have a known public exploit. The average CVSS base score across scored CVEs is 6.6.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Red Hat OpenShift Serverless, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of Red Hat OpenShift Serverless's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High7

Medium7

Low1

In CISA’s Known Exploited Vulnerabilities catalog

0

None of Red Hat OpenShift Serverless's CVEs are currently listed in CISA's KEV catalog.

Public exploits

2

2 of Red Hat OpenShift Serverless's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every Red Hat OpenShift Serverless version named in a CVE, then pick one to see only the CVEs that affect it.

Default status

All versions9 CVEs

Find a version

16 CVEs

Sort

Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks
CVE-2024-4027
Patch
CWE-20
High · CVSS 7.5
EPSS 0.4% (60th pct)2026-01-30
Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded
CVE-2024-3884
Patch
Workaround
CWE-20
High · CVSS 7.5
EPSS 0.1% (31th pct)2025-12-03
Nx: nx/devkit: malicious versions of nx and plugins published to npm
CVE-2025-10894
Public exploit
CWE-506
Critical · CVSS 9.6
EPSS 0.3% (55th pct)2025-09-24
Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results
CVE-2025-8556
Patch
CWE-1287
Low · CVSS 3.7
EPSS 0.1% (26th pct)2025-08-06
Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
CVE-2024-11831
Patch
CWE-79
Medium · CVSS 5.4
EPSS 1.1% (79th pct)2025-02-10
Cert-manager: potential dos when parsing specially crafted pem inputs
CVE-2024-12401
Patch
CWE-20
Medium · CVSS 4.4
EPSS 0.1% (17th pct)2024-12-12
Golang-fips: golang fips zeroed buffer
CVE-2024-9355
Patch
CWE-457
Medium · CVSS 6.5
EPSS 0.1% (22th pct)2024-10-01
Undertow: learningpushhandler can lead to remote memory dos attacks
CVE-2024-3653
Patch
Workaround
CWE-401
Medium · CVSS 5.3
EPSS 4.4% (89th pct)2024-07-08
Containers/image: digest type does not guarantee valid type
CVE-2024-3727
Patch
CWE-354
High · CVSS 8.3
EPSS 0.7% (72th pct)2024-05-09
Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used.
CVE-2023-5675
Patch
CWE-285
Medium · CVSS 6.5
EPSS 0.1% (32th pct)2024-04-25
Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support
CVE-2024-1300
Patch
CWE-401
Medium · CVSS 5.4
EPSS 0.2% (48th pct)2024-04-02
Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx
CVE-2024-1023
Public exploit
Patch
CWE-401
Medium · CVSS 6.5
EPSS 0.2% (46th pct)2024-03-27
Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads
CVE-2024-1394
Patch
CWE-401
High · CVSS 7.5
EPSS 1.4% (81th pct)2024-03-21
Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
CVE-2024-1635
Patch
CWE-400
High · CVSS 7.5
EPSS 22.7% (96th pct)2024-02-19
Keycloak: redirect_uri validation bypass
CVE-2023-6291
Patch
CWE-601
High · CVSS 7.1
EPSS 0.2% (39th pct)2024-01-26
Ocp & fips mode
CVE-2023-3089
Patch
CWE-693
High · CVSS 7.0
EPSS 0.1% (22th pct)2023-07-05

Common weakness types

The CWE weakness categories most often found in Red Hat OpenShift Serverless CVEs. Follow any weakness for its full explanation.

CWE-401Missing Release of Memory after Effective Lifetime4 CVEs
CWE-20Improper Input Validation3 CVEs
CWE-354Improper Validation of Integrity Check Value1 CVE
CWE-400Uncontrolled Resource Consumption1 CVE
CWE-457Use of Uninitialized Variable1 CVE
CWE-506Embedded Malicious Code1 CVE
CWE-601URL Redirection to Untrusted Site ('Open Redirect')1 CVE
CWE-693Protection Mechanism Failure1 CVE

Disclosure activity by year

How many Red Hat OpenShift Serverless CVEs were published each year.

2023

1

2024

10

2025

4

2026

1

Other Red Hat products

Browse vulnerabilities for other products by Red Hat.

Red Hat Enterprise Linux 9678 CVEs Red Hat Enterprise Linux 8672 CVEs Red Hat Enterprise Linux 7581 CVEs Red Hat Enterprise Linux 6537 CVEs Red Hat Enterprise Linux 10386 CVEs Red Hat OpenShift Container Platform 4188 CVEs Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support129 CVEs Red Hat Enterprise Linux 9.4 Extended Update Support118 CVEs

All Red Hat vulnerabilities

Frequently asked questions

Common questions about Red Hat OpenShift Serverless vulnerabilities.

How many CVEs does Red Hat OpenShift Serverless have?

Red Hat OpenShift Serverless has 16 published CVE records since 2023.

How many Red Hat OpenShift Serverless CVEs are in CISA KEV?

None of Red Hat OpenShift Serverless's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for Red Hat OpenShift Serverless vulnerabilities?

Yes — 2 of Red Hat OpenShift Serverless's CVEs have a known public exploit.

Which versions of Red Hat OpenShift Serverless are affected?

1 distinct Red Hat OpenShift Serverless version is named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in Red Hat OpenShift Serverless CVEs?

Red Hat OpenShift Serverless's CVEs most often map to these CWE weakness types: CWE-401 (Missing Release of Memory after Effective Lifetime), CWE-20 (Improper Input Validation), CWE-354 (Improper Validation of Integrity Check Value), CWE-400 (Uncontrolled Resource Consumption).

How many critical Red Hat OpenShift Serverless vulnerabilities are there?

Red Hat OpenShift Serverless has 1 critical and 7 high-severity CVEs.

What is the average severity of Red Hat OpenShift Serverless CVEs?

The average CVSS base score across Red Hat OpenShift Serverless's scored CVEs is 6.6.

References

All Red Hat vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Red Hat OpenShift Serverless vulnerabilities

Monitor new Red Hat OpenShift Serverless vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References