OSV - Open Source Vulnerabilities

OSEC-2026-05

github.com/ocaml/ocaml
opam/ocaml

Windows command execution via filename quotes.

yesterday

Fix available
Severity - 6.1 (Medium)

OSEC-2026-04

github.com/ocaml/ocaml
opam/ocaml

Bigarray.reshape integer overflow

yesterday

Fix available
Severity - 6.1 (Medium)

EEF-CVE-2026-48591

Hex/earmark
github.com/pragdave/earmark

Stored XSS via unescaped HTML attribute values in earmark

2 days ago

No fix available
Severity - 4.8 (Medium)

PSF-2026-28

github.com/python/cpython

See record for full details

3 days ago

No fix available

OSV-2026-923

OSS-Fuzz/gpac
github.com/gpac/gpac

Heap-use-after-free in gf_node_unregister

4 days ago

Fix available

EEF-CVE-2026-48853

Hex/grpc
github.com/elixir-grpc/grpc

Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc

4 days ago

Fix available
Severity - 9.2 (Critical)

EEF-CVE-2026-53430

Hex/grpc
github.com/elixir-grpc/grpc

grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1

4 days ago

Fix available
Severity - 8.7 (High)

EEF-CVE-2026-48599

Hex/grpc
github.com/elixir-grpc/grpc

Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

4 days ago

Fix available
Severity - 7.6 (High)

EEF-CVE-2026-48854

Hex/grpc
github.com/elixir-grpc/grpc

Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc

4 days ago

Fix available
Severity - 8.7 (High)

EEF-CVE-2026-49757

Hex/ash_authentication
github.com/team-alembic/ash_authentication.git

OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

5 days ago

Fix available
Severity - 9.2 (Critical)

OSV-2026-910

OSS-Fuzz/gpac
github.com/gpac/gpac

Heap-use-after-free in gf_node_unregister

13 Jun

Fix available

OSV-2026-907

OSS-Fuzz/gpac
github.com/gpac/gpac

Heap-use-after-free in gf_sg_route_del

13 Jun

Fix available

OSV-2026-903

OSS-Fuzz/gpac
github.com/gpac/gpac

UNKNOWN in avi_parse_input_file

12 Jun

Fix available

EEF-CVE-2026-53423

Hex/membrane_mp4_plugin
github.com/membraneframework/membrane_mp4_plugin

Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin

11 Jun

Fix available
Severity - 5.9 (Medium)

EEF-CVE-2026-48856

github.com/erlang/otp

httpc leaks Authorization header to cross-origin redirect targets

10 Jun

Fix available
Severity - 7.1 (High)

EEF-CVE-2026-48860

github.com/erlang/otp

Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist

10 Jun

Fix available
Severity - 7.5 (High)