| Bug | Description |
|---|
| TEMP-0000000-B9CD89 | BUG/MAJOR: http: prevent risk of reading past end with balance url_param |
| TEMP-0000000-1F321D | BUG/MAJOR: http: don't read past buffer's end in http_replace_value |
| CVE-2025-32464 | HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a s ... |
| CVE-2024-45506 | HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1 ... |
| CVE-2023-45539 | HAProxy before 2.8.2 accepts # as part of the URI component, which mig ... |
| CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consum ... |
| CVE-2023-40225 | HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ... |
| CVE-2023-25950 | HTTP request/response smuggling vulnerability in HAProxy version 2.7.0 ... |
| CVE-2023-25725 | HAProxy before 2.7.3 may allow a bypass of access control because HTTP ... |
| CVE-2023-0836 | An information leak vulnerability was discovered in HAProxy 2.1, 2.2 b ... |
| CVE-2023-0056 | An uncontrolled resource consumption vulnerability was discovered in H ... |
| CVE-2022-0711 | A flaw was found in the way HAProxy processed HTTP responses containin ... |
| CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_heade ... |
| CVE-2021-39242 | An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ... |
| CVE-2021-39241 | An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ... |
| CVE-2021-39240 | An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ... |
| CVE-2020-11100 | In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ... |
| CVE-2019-19330 | The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ... |
| CVE-2019-18277 | A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ... |
| CVE-2019-14241 | HAProxy through 2.0.2 allows attackers to cause a denial of service (h ... |
| CVE-2019-11323 | HAProxy before 1.9.7 mishandles a reload with rotated keys, which trig ... |
| CVE-2018-20615 | An out-of-bounds read issue was discovered in the HTTP/2 protocol deco ... |
| CVE-2018-20103 | An issue was discovered in dns.c in HAProxy through 1.8.14. In the cas ... |
| CVE-2018-20102 | An out-of-bounds read in dns_validate_dns_response in dns.c was discov ... |
| CVE-2018-14645 | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, ... |
| CVE-2018-11469 | Incorrect caching of responses to requests including an Authorization ... |
| CVE-2018-10184 | An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame ... |
| CVE-2016-5360 | HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, all ... |
| CVE-2015-3281 | The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1. ... |
| CVE-2014-6269 | Multiple integer overflows in the http_request_forward_body function i ... |
| CVE-2013-2175 | HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to ... |
| CVE-2013-1912 | Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5- ... |
| CVE-2012-2942 | Buffer overflow in the trash buffer in the header capture functionalit ... |