GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12 advisories
dbt-common's commonprefix() doesn't protect against path traversal
Low
CVE-2026-29790
was published
for
dbt-common
(pip)
Mar 5, 2026
Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
High
CVE-2026-21441
was published
for
urllib3
(pip)
Jan 7, 2026
urllib3 streaming API improperly handles highly compressed data
High
CVE-2025-66471
was published
for
urllib3
(pip)
Dec 5, 2025
urllib3 allows an unbounded number of links in the decompression chain
High
CVE-2025-66418
was published
for
urllib3
(pip)
Dec 5, 2025
urllib3 does not control redirects in browsers and Node.js
Moderate
CVE-2025-50182
was published
for
urllib3
(pip)
Jun 18, 2025
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
Moderate
CVE-2025-50181
was published
for
urllib3
(pip)
Jun 18, 2025
Requests vulnerable to .netrc credentials leak via malicious URLs
Moderate
CVE-2024-47081
was published
for
requests
(pip)
Jun 9, 2025
check-jsonschema default caching for remote schemas allows for cache confusion
Moderate
CVE-2024-53848
was published
for
check-jsonschema
(pip)
Dec 2, 2024
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Moderate
CVE-2023-45803
was published
for
urllib3
(pip)
Oct 17, 2023
`Cookie` HTTP header isn't stripped on cross-origin redirects
High
CVE-2023-43804
was published
for
urllib3
(pip)
Oct 2, 2023
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Moderate
CVE-2023-37276
was published
for
aiohttp
(pip)
Jul 20, 2023
Unintended leak of Proxy-Authorization header in requests
Moderate
CVE-2023-32681
was published
for
requests
(pip)
May 22, 2023
ProTip!
Advisories are also available from the
GraphQL API