Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

35 advisories

Loading
Tesla vulnerable to multipart part smuggling via unescaped `content-disposition` values Low
CVE-2026-48598 was published for tesla (Erlang) Jul 10, 2026
PJUllrich Credited to PJUllrich, yordis, and maennchen yordis yordis
maennchen maennchen
Tesla vulnerable to atom exhaustion via untrusted URL scheme High
CVE-2026-48597 was published for tesla (Erlang) Jul 10, 2026
PJUllrich Credited to PJUllrich, yordis, and maennchen yordis yordis
maennchen maennchen
Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering High
CVE-2026-48595 was published for tesla (Erlang) Jul 10, 2026
PJUllrich Credited to PJUllrich, yordis, and maennchen yordis yordis
maennchen maennchen
Tesla has decompression bomb on response body High
CVE-2026-48594 was published for tesla (Erlang) Jul 10, 2026
PJUllrich Credited to PJUllrich, yordis, and maennchen yordis yordis
maennchen maennchen
Tesla has CRLF injection in request `Content-Type` header via `add_content_type_param` Low
CVE-2026-48596 was published for tesla (Erlang) Jul 10, 2026
PJUllrich Credited to PJUllrich, yordis, and maennchen yordis yordis
maennchen maennchen
mint: Unbounded streams map growth via PUSH_PROMISE without follow-up HEADERS High
CVE-2026-48862 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, ericmj, and maennchen ericmj ericmj
maennchen maennchen
mint: Unbounded CONTINUATION/HEADERS frame accumulation (CONTINUATION flood) High
CVE-2026-49754 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, ericmj, and maennchen ericmj ericmj
maennchen maennchen
mint: Content-Length header accepts non-RFC "+" sign prefix Moderate
CVE-2026-49753 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, ericmj, and maennchen ericmj ericmj
maennchen maennchen
mint has potential CRLF injection in its HTTP request line via unvalidated `method`/`target` Low
CVE-2026-48861 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, maennchen, and ericmj maennchen maennchen
ericmj ericmj
oban_web missing authorization check on `save-job` event handler Moderate
CVE-2026-48592 was published for oban_web (Erlang) Jun 30, 2026
PJUllrich Credited to PJUllrich, sorentwo, and maennchen sorentwo sorentwo
maennchen maennchen
oban_web: Unbounded range expansion in cron describe causes memory exhaustion Moderate
CVE-2026-48593 was published for oban_web (Erlang) Jun 30, 2026
PJUllrich Credited to PJUllrich, sorenone, and maennchen sorenone sorenone
maennchen maennchen
ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass High
CVE-2026-47074 was published for ex_aws_sns (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich, bernardd, and maennchen bernardd bernardd
maennchen maennchen
Hackney vulnerable to atom-table exhaustion via unrecognized URL schemes High
CVE-2026-47067 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
Hackney has unbounded buffer accumulation in WebSocket High
CVE-2026-47073 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
Hackney has CRLF / header injection in WebSocket upgrade request Moderate
CVE-2026-47072 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM High
CVE-2026-47077 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body Moderate
CVE-2026-47070 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
Hackney has CRLF / header injection via unvalidated `domain` and `path` options Low
CVE-2026-47069 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
Hackney: `ssl:connect/2` post-handshake upgrade has no timeout High
CVE-2026-47071 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry High
CVE-2026-47066 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
PhoenixStorybook has cross-session PubSub topic injection via URL parameter Low
CVE-2026-47068 was published for phoenix_storybook (Erlang) Jun 9, 2026
PJUllrich Credited to PJUllrich, cblavier, and maennchen cblavier cblavier
maennchen maennchen
PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS) High
CVE-2026-8469 was published for phoenix_storybook (Erlang) Jun 9, 2026
PJUllrich Credited to PJUllrich, cblavier, and maennchen cblavier cblavier
maennchen maennchen
Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder High
CVE-2026-39806 was published for bandit (Erlang) May 19, 2026
PJUllrich Credited to PJUllrich, mtrudel, and maennchen mtrudel mtrudel
maennchen maennchen
Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked` High
CVE-2026-39803 was published for bandit (Erlang) May 19, 2026
PJUllrich Credited to PJUllrich, mtrudel, and maennchen mtrudel mtrudel
maennchen maennchen
Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3` High
CVE-2026-32687 was published for postgrex (Erlang) May 18, 2026
PJUllrich Credited to PJUllrich
ProTip! Advisories are also available from the GraphQL API