GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4 advisories
Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
High
CVE-2026-21441
was published
for
urllib3
(pip)
Jan 7, 2026
urllib3 streaming API improperly handles highly compressed data
High
CVE-2025-66471
was published
for
urllib3
(pip)
Dec 5, 2025
urllib3 allows an unbounded number of links in the decompression chain
High
CVE-2025-66418
was published
for
urllib3
(pip)
Dec 5, 2025
`Cookie` HTTP header isn't stripped on cross-origin redirects
High
CVE-2023-43804
was published
for
urllib3
(pip)
Oct 2, 2023
ProTip!
Advisories are also available from the
GraphQL API