GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
29 advisories
urllib3 streaming API improperly handles highly compressed data
High
CVE-2025-66471
was published
for
urllib3
(pip)
Dec 5, 2025
pypdf's LZWDecode streams be manipulated to exhaust RAM
Moderate
CVE-2025-66019
was published
for
pypdf
(pip)
Nov 24, 2025
pypdf can exhaust RAM via manipulated LZWDecode streams
Moderate
CVE-2025-62708
was published
for
pypdf
(pip)
Oct 22, 2025
Netty's decoders vulnerable to DoS via zip bomb style attack
Moderate
CVE-2025-58057
was published
for
io.netty:netty-codec
(Maven)
Sep 3, 2025
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Moderate
CVE-2025-46730
was published
for
mobsf
(pip)
May 5, 2025
Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
High
CVE-2025-30153
was published
for
github.com/getkin/kin-openapi
(Go)
Mar 19, 2025
Possible DoS by memory exhaustion in net-imap
Moderate
CVE-2025-25186
was published
for
net-imap
(RubyGems)
Feb 10, 2025
.NET Denial of Service Vulnerability
High
CVE-2024-43499
was published
for
System.Formats.Nrbf
(NuGet)
Nov 12, 2024
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Moderate
CVE-2024-28180
was published
for
github.com/go-jose/go-jose/v3
(Go)
Mar 7, 2024
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Moderate
CVE-2024-28101
was published
for
apollo-router
(Rust)
Mar 6, 2024
Scrapy decompression bomb vulnerability
High
CVE-2024-3572
was published
for
scrapy
(pip)
Feb 16, 2024
ProTip!
Advisories are also available from the
GraphQL API