Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
Grav before 2.0.2 Decompression Bomb via Forged ZIP Size
tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)
Soupwebsocketextensiondeflate: libsoup: libsoup: websocket permessage-deflate unbounded decompression remote denial of service
An attacker with access to an HX 10
HedgeDoc: Denial-of-service via YAML alias expansion in note frontmatter
Grav CMS — Improper Handling of Highly Compressed Data in Installer::unZip()
Grav before 2.0.1 Decompression Bomb via ZipArchiver
Fluentd: Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size
rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol
httplib2: Decompression Bomb Denial of Service via Unbounded gzip/deflate Response Handling
Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data
GPAC ISOBMFF base_encoding.c data amplification
Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion
Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
n8n: Denial of Service via ZIP decompression in webhook workflow
vLLM: OOM Denial of Service via Audio Decompression Bomb
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
Showing 1 - 20 of 1,000+ results