
22 matches found

CNNVD
added 2026/01/13 12:0 a.m. | 2 views

GuardDog Security Vulnerability

GuardDog is a CLI tool from GuardDog Open Source that allows identifying malicious PyPI packages. A security vulnerability exists in GuardDog versions prior to 2.7.1: the safe_extract function does not validate the size of the unzipped files, which could lead to a denial-of-service attack vi...

7.5 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-15218

Malware in sbrugna...

5.3 CVSS | 5.5 AI score | 0.00604 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-7112

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00324 EPSS
Exploits 1 | References 4

CVE
added 2025/09/03 9:46 p.m. | 48 views

CVE-2025-58057

CVE-2025-58057 is a Netty vulnerability where, in affected releases of netty-codec-compression (≤ 4.1.124.Final) and netty-codec (≤ 4.2.4.Final), specially crafted input can cause BrotliDecoder and related decoders to allocate a large number of reachable byte buffers, leading to denial of service...

7.5 CVSS | 5.9 AI score | 0.00063 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2025/05/05 7:32 p.m. | 5 views

CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

MobSF is a mobile application security testing tool. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

6.8 CVSS | 6.3 AI score | 0.00306 EPSS
Exploits 1 | References 4

OSV
added 2025/03/20 12:32 p.m. | 4 views

GHSA-7XMC-VHJP-QV5Q Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb

A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...

7.5 CVSS | 7 AI score | 0.00324 EPSS
Exploits 1 | References 4

Github Security Blog
added 2025/03/20 12:32 p.m. | 9 views

Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb

A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...

7.5 CVSS | 6.7 AI score | 0.00324 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2025/03/20 10:15 a.m. | 2 views

CVE-2024-10569

A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...

7.5 CVSS | 5.8 AI score | 0.00324 EPSS
Exploits 1 | References 1

CNVD
added 2025/01/07 12:0 a.m. | 4 views

Mattermost Denial of Service Vulnerability (CNVD-2025-12636)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from a failure to limit the file size of slack import file uploads. An attacker could exploit this vulnerability to import data to...

6.5 CVSS | 5.9 AI score | 0.00197 EPSS
Exploits 0 | References 1

RedHat Linux
added 2024/07/09 8:59 a.m. | 4 views

python: The zipfile module is vulnerable to zip-bombs leading to denial of service

A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed...

6.2 CVSS | 6.7 AI score | 0.00148 EPSS
Exploits 0 | References 4

Github Security Blog
added 2023/07/18 7:22 p.m. | 38 views

Fides Webserver Vulnerable to Zip Bomb File Uploads

Impact: The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This...

4.9 CVSS | 6.8 AI score | 0.0005 EPSS
Exploits 0 | References 5 | Affected Software 1

F5 Networks
added 2023/02/21 6:53 p.m. | 32 views

K52167636: TMM vulnerability CVE-2017-6153

Security Advisory Description: Features in the BIG-IP system that utilize inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. CVE-2017-6153. Impact: BIG-IP systems deployed in Forward Proxy mode with the...

5.3 CVSS | 5.6 AI score | 0.00604 EPSS
Exploits 0 | Affected Software 13

Microsoft CVE
added 2020/08/18 12:0 a.m. | 8 views

CVE-2019-9674

...

7.5 CVSS | 6.8 AI score | 0.01416 EPSS
Exploits 0

Tenable Nessus
added 2020/04/02 12:0 a.m. | 47 views

EulerOS Virtualization for ARM 64 3.0.6.0 : python2 (EulerOS-SA-2020-1344)

According to the versions of the python2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities:
- A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a...

7.5 CVSS | 6.8 AI score | 0.02954 EPSS
Exploits 1 | References 4

OpenVAS
added 2020/04/01 12:0 a.m. | 36 views

Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2020-1344)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS | 7.1 AI score | 0.02954 EPSS
Exploits 1 | References 2

RedhatCVE
added 2020/02/07 8:44 p.m. | 29 views

CVE-2019-9674

A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service...

7.5 CVSS | 7.3 AI score | 0.01416 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2018/11/02 12:0 a.m. | 30 views

F5 Networks BIG-IP : TMM vulnerability (K52167636)

Features in the BIG-IP system that utilize inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a 'Zip Bomb' attack. CVE-2017-6153. Impact: BIG-IP systems deployed in Forward Proxy mode with the inflate functionality enabled a...

5.3 CVSS | 5.8 AI score | 0.00604 EPSS
Exploits 0 | References 2

NVD
added 2018/06/07 2:29 a.m. | 18 views

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

7.1 CVSS | 5.5 AI score | 0.00385 EPSS
Exploits 0 | References 2

Cvelist
added 2018/06/07 2:0 a.m. | 18 views

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

5.5 AI score | 0.00385 EPSS
Exploits 0 | References 2

OSV
added 2018/06/01 2:29 p.m. | 2 views

CVE-2017-6153

Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack...

5.3 CVSS | 5.8 AI score | 0.00604 EPSS
Exploits 0 | References 2