CWE-409: CWE-409
All CWE-409 CVEs (21)
A Denial of Service vulnerability exists in cpp-httplib where compressed HTTP request bodies are not properly limited after decompression. Attackers c...
Jan 12, 2026

This vulnerability in urllib3 allows a malicious server to cause excessive resource consumption on clients through decompression bombs in HTTP redirec...
Jan 7, 2026

AIOHTTP versions 3.13.2 and below are vulnerable to a zip bomb denial-of-service attack. An attacker can send specially crafted compressed requests th...
Jan 5, 2026

This vulnerability allows unauthenticated attackers to cause denial of service by uploading specially crafted image files that trigger memory exhausti...
Dec 19, 2025

CVE-2025-66471 is a resource exhaustion vulnerability in urllib3's streaming API that occurs when processing highly compressed HTTP responses. Attacke...
Dec 5, 2025

CVE-2025-62708 is a memory exhaustion vulnerability in pypdf, a popular Python PDF library. Attackers can craft malicious PDFs with LZWDecode filters ...
Oct 22, 2025

A denial-of-service vulnerability in Netty's BrotliDecoder and other decompression decoders allows attackers to cause out-of-memory conditions by send...
Sep 4, 2025

This vulnerability in h2oai/h2o-3 allows attackers to cause denial of service by uploading specially crafted large GZIP files. The server becomes unre...
Mar 20, 2025

This vulnerability allows attackers to crash the Ollama server by sending malicious gzip bomb HTTP responses, causing excessive memory consumption and...
Mar 20, 2025

This vulnerability in kin-openapi allows attackers to upload specially crafted ZIP files (like ZIP bombs) through multipart/form-data requests, causin...
Mar 19, 2025

This vulnerability in the Scrapy web scraping framework allows attackers to perform XML External Entity (XXE) attacks by submitting malicious XML data...
Apr 16, 2024

The Apollo Router versions 0.9.5 through 1.40.1 have a DoS vulnerability where highly compressed HTTP payloads cause excessive memory consumption duri...
Mar 21, 2024

MarkUs web application versions before 2.9.4 lack proper limits when extracting zip files, allowing attackers to cause denial of service through resou...
Mar 6, 2026

CVE-2025-63914 is a resource exhaustion vulnerability in Cinnamon kotaemon 0.11.0 where the ZIP file extraction function lacks proper validation. Atta...
Nov 24, 2025

This vulnerability allows any authenticated user to upload a Zip Bomb archive that causes disk space exhaustion when PeerTube attempts to extract it. ...
Apr 15, 2025

This vulnerability allows attackers to crash servers running the binary-husky/gpt_academic repository by uploading specially crafted zip bombs. When t...
Mar 20, 2025

This vulnerability in NATS-Server allows attackers to cause denial of service via compression bombs in WebSocket messages. It affects deployments usin...
Feb 24, 2026

This vulnerability in python-jose 3.3.0 allows attackers to cause Denial-of-Service (DoS) by sending malicious JWE tokens with high compression ratios...
Dec 17, 2025

This vulnerability in IBM PowerVM Hypervisor firmware allows a local user with specific Linux processor compatibility mode configurations to cause und...
Mar 28, 2025

Apache Seata (incubating) has a vulnerability where improper handling of highly compressed data can lead to data amplification attacks. This affects a...
Mar 20, 2025

This vulnerability allows attackers to cause a denial of service (DoS) condition in GitLab by sending specially crafted API calls. It affects all GitL...
May 23, 2024

About CWE-409 (CWE-409)
Our database tracks 21 CVEs classified as CWE-409, with 0 rated critical and 12 rated high severity. The average CVSS score for CWE-409 vulnerabilities is 6.7.
External reference: View CWE-409 on MITRE CWE →