Product
varnish cache project varnish cache
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-30346
< 7.6.2
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
5.4
MEDIUM
CVE-2023-44487
< 2023-10-10
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5
HIGH
CVE-2022-45060
>= 5.0.0 and < 6.0.11
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1.
7.5
HIGH
CVE-2022-45059
>= 7.0.0 and < 7.1.2
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on V
7.5
HIGH
CVE-2022-38150
all versions
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart th
7.5
HIGH
CVE-2022-24979
< 2.0.1
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element rendere
5.3
MEDIUM
CVE-2022-23959
>= 7.0.0 and < 7.0.2
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4
9.1
CRITICAL
CVE-2021-36740
>= 5.0.0 and <= 5.2.1
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a
6.5
MEDIUM
CVE-2021-28543
< 0.17.1
Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations
4.0
MEDIUM
CVE-2020-11653
>= 6.0.0 and < 6.0.6
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when co
7.5
HIGH
CVE-2019-20637
>= 6.0.0 and < 6.0.5
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear
7.5
HIGH
CVE-2013-4090
< 3.0.4
Varnish HTTP cache before 3.0.4: ACL bug
7.5
HIGH
CVE-2019-15892
>= 6.1.0 and <= 6.1.1
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a re
7.5
HIGH
CVE-2017-8807
>= 5.0.0 and < 5.2.1
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote atta
9.1
CRITICAL
CVE-2017-12425
all versions
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if
7.5
HIGH
CVE-2015-8852
all versions
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and
7.5
HIGH
CVE-2013-0345
all versions
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows
CVE-2013-4484
<= 3.0.4
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin