Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Loading
superagent vulnerable to zip bomb attacks Moderate
CVE-2017-16129 was published for superagent (npm) Aug 9, 2018
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits Moderate
CVE-2024-28101 was published for apollo-router (Rust) Mar 6, 2024
IvanGoncharov Geal
peakematt
Duplicate Advisory: Scrapy decompression bomb vulnerability High
GHSA-rmqv-7v3j-mr7p was published for scrapy (pip) Apr 16, 2024 withdrawn
Scrapy decompression bomb vulnerability High
CVE-2024-3572 was published for scrapy (pip) Feb 16, 2024
dmandefy
Data Amplification in HashiCorp go-getter Moderate
CVE-2023-0475 was published for github.com/hashicorp/go-getter (Go) Feb 16, 2023
gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb Moderate
CVE-2023-26483 was published for github.com/russellhaering/gosaml2 (Go) Mar 2, 2023
nszetei
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) Moderate
CVE-2024-28180 was published for github.com/go-jose/go-jose/v3 (Go) Mar 7, 2024
zer0yu chenjj
hectorj2f vrv7567
Pillow vulnerable to Data Amplification attack. High
CVE-2022-45198 was published for pillow (pip) Nov 14, 2022
Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability High
GHSA-wmm6-pgp8-29hg was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API