Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5 advisories

Loading
mint: Unbounded streams map growth via PUSH_PROMISE without follow-up HEADERS High
CVE-2026-48862 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, ericmj, and maennchen ericmj ericmj
maennchen maennchen
mint: Unbounded CONTINUATION/HEADERS frame accumulation (CONTINUATION flood) High
CVE-2026-49754 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, ericmj, and maennchen ericmj ericmj
maennchen maennchen
mint: Content-Length header accepts non-RFC "+" sign prefix Moderate
CVE-2026-49753 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, ericmj, and maennchen ericmj ericmj
maennchen maennchen
mint has potential CRLF injection in its HTTP request line via unvalidated `method`/`target` Low
CVE-2026-48861 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, maennchen, and ericmj maennchen maennchen
ericmj ericmj
Decimal: Unbounded exponent in `Decimal.new` enables unauthenticated DoS Moderate
CVE-2026-32686 was published for decimal (Erlang) May 12, 2026
PJUllrich Credited to PJUllrich, ericmj, josevalim, wojtekmach, maennchen, ruslandoga, and warmwaffles ericmj ericmj
josevalim josevalim wojtekmach wojtekmach maennchen maennchen ruslandoga ruslandoga warmwaffles warmwaffles
ProTip! Advisories are also available from the GraphQL API