53 matches found
CVE-2026-44545
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
EUVD-2026-34092
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
EUVD-2026-34091
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
PT-2026-45940
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
EUVD-2020-0049
Malware in sbrugna...
MAL-2025-47844 Malicious code in autobahn-testsuite-docker (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in autobahn-testsuite-docker (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in nebula-autobahn (npm)
The package nebula-autobahn was found to contain malicious code...
MAL-2025-27157 Malicious code in nebula-autobahn (npm)
The package nebula-autobahn was found to contain malicious code...
Sei Giga
We introduce the Sei Giga, a multi-concurrent producer parallelized execution EVM layer one blockchain. In an internal testnet Giga has achieved 5 gigagas/sec throughput and sub 400ms finality. Giga uses Autobahn for consensus with separate DA and consensus layers requiring f+1 votes for a PoA on...
OPENSUSE-SU-2024:13902-1 python310-autobahn-23.6.2-3.1 on GA media
These are all security issues fixed in the python310-autobahn-23.6.2-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11216-1 python38-autobahn-21.3.1-1.3 on GA media
These are all security issues fixed in the python38-autobahn-21.3.1-1.3 package on the GA media of openSUSE Tumbleweed...
autobahn-hotel.de Cross Site Scripting vulnerability OBB-3620206
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2020-35678
Autobahn|Python before 20.12.3 allows redirect header injection...
Open Redirect in autobahn
Autobahn|Python before 20.12.3 allows redirect header injection...
aiorest-ws (>=1.1.0 <=1.1.1), autobahntestsuite (>=0.8.0 <=0.8.2) +43 more potentially affected by CVE-2020-35678 via autobahn (>=0.10.9 <=19.9.3)
autobahn PYPI version =0.10.9, =1.1.0, =0.8.0, =0.0.1, =0.0.1, =0.3.0, =1.0.0, =1.0.2, =0.3.4, =0.19.0, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2020-35678 Source advisory: OSV:GHSA-GWP7-VQR5-H33H...
GHSA-GWP7-VQR5-H33H Open Redirect in autobahn
Autobahn|Python before 20.12.3 allows redirect header injection...
openSUSE: Security Advisory for python-autobahn (openSUSE-SU-2021:0152-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for python-autobahn (openSUSE-SU-2021:0132-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...