org.lz4:lz4-java

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.lz4:lz4-javapage 1 of 1

CVE-2025-12183NONECVSS 0.0EG 0.0✓ Fixed in 1.8.1
2025-11-28
vulnerable: 1.4 ... 1.8.0 (9 versions)
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
CVE-2025-66566NONECVSS 0.0EG 0.0
2025-12-05
vulnerable: 1.4 ... 1.8.1 (10 versions)
yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted co…

Check whether org.lz4:lz4-java is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.lz4:lz4-java CVEs against the assets you own.

Start Free Scan →