GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
29 advisories
PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
Moderate
CVE-2026-40148
was published
for
PraisonAI
(pip)
Apr 10, 2026
JWCrypto: JWE ZIP decompression bomb
Moderate
CVE-2026-39373
was published
for
jwcrypto
(pip)
Apr 8, 2026
PDFME Affected by Decompression Bomb in FlateDecode Stream Parsing Causes Memory Exhaustion DoS
Moderate
GHSA-vrqm-gvq7-rrwh
was published
for
@pdfme/pdf-lib
(npm)
Mar 20, 2026
file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry
Moderate
CVE-2026-32630
was published
for
file-type
(npm)
Mar 13, 2026
OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)
Moderate
GHSA-77hf-7fqf-f227
was published
for
openclaw
(npm)
Mar 3, 2026
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
Moderate
CVE-2025-59472
was published
for
next
(npm)
Jan 28, 2026
pypdf's LZWDecode streams be manipulated to exhaust RAM
Moderate
CVE-2025-66019
was published
for
pypdf
(pip)
Nov 24, 2025
pypdf can exhaust RAM via manipulated LZWDecode streams
Moderate
CVE-2025-62708
was published
for
pypdf
(pip)
Oct 22, 2025
Netty's decoders vulnerable to DoS via zip bomb style attack
Moderate
CVE-2025-58057
was published
for
io.netty:netty-codec
(Maven)
Sep 3, 2025
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Moderate
CVE-2025-46730
was published
for
mobsf
(pip)
May 5, 2025
Possible DoS by memory exhaustion in net-imap
Moderate
CVE-2025-25186
was published
for
net-imap
(RubyGems)
Feb 10, 2025
ProTip!
Advisories are also available from the
GraphQL API