6.9
CVE-2026-31964 - HTSlib CRAM decoder has a NULL Pointer Dereference
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to omi…
8.8
CVE-2026-31963 - HTSlib CRAM reader has heap buffer overflow due to improper validation of input
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it st…
2.1
CVE-2026-3479 - pkgutil.get_data() does not enforce documented restrictions
pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
8.8
CVE-2026-31962 - HTSlib CRAM reader has heap buffer overflow due to improper validation of input
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to som…
7.5
CVE-2026-27135 - nghttp2 Denial of service: Assertion failure due to the missing state validation
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They mig…
