Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

36 advisories

Loading
zstd vulnerable to buffer overrun High
CVE-2022-4899 was published for github.com/facebook/zstd (pip) Mar 31, 2023
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
yyjson has a Double Free vulnerability High
CVE-2024-25713 was published for github.com/ibireme/yyjson (Swift) Feb 29, 2024
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Un-sanitized metric name or labels can be used to take over exported metrics Moderate
CVE-2024-28867 was published for github.com/swift-server/swift-prometheus (Swift) Mar 29, 2024
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
SwiftTerm Code Injection vulnerability High
CVE-2022-23465 was published for github.com/migueldeicaza/SwiftTerm (Swift) Jul 14, 2023
Denial of Service via reachable assertion High
CVE-2022-24777 was published for github.com/grpc/grpc-swift (Swift) Jun 9, 2023
Denial of service via HTTP/2 HEADERS frames padding High
CVE-2022-0618 was published for github.com/apple/swift-nio-http2 (Swift) Jun 9, 2023
Path traversal in ZIPFoundation High
CVE-2023-39138 was published for github.com/weichsel/ZIPFoundation (Swift) Aug 31, 2023
weichsel
Path traversal in Zip Swift High
CVE-2023-39135 was published for github.com/marmelroy/Zip (Swift) Aug 31, 2023
Vapor's incorrect request error handling triggers server crash Moderate
CVE-2023-44386 was published for github.com/vapor/vapor (Swift) Oct 5, 2023
gwynne 0xTim
t0rchwo0d
Vapor contains an integer overflow in URI leading to potential host spoofing Moderate
CVE-2024-21631 was published for github.com/vapor/vapor (Swift) Jan 3, 2024
0xTim gwynne
baarde
PostgresNIO processes unencrypted bytes from man-in-the-middle Low
CVE-2023-31136 was published for github.com/vapor/postgres-nio (Swift) May 10, 2023
fabianfett gwynne
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length High
CVE-2022-24666 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
Vapor vulnerable to denial of service in URLEncodedFormDecoder High
CVE-2022-31019 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length High
GHSA-pv7r-9vjg-g3f9 was published for github.com/apple/swift-nio-http2 (Swift) Feb 11, 2022 withdrawn
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding High
CVE-2022-24667 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding High
GHSA-wfvq-p7qf-vv64 was published for github.com/apple/swift-nio-http2 (Swift) Feb 11, 2022 withdrawn
swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames High
CVE-2022-24668 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames High
GHSA-gpgx-whwh-r297 was published for github.com/apple/swift-nio-http2 (Swift) Feb 11, 2022 withdrawn
Vapor's Metrics integration could cause a system drain Moderate
CVE-2021-21328 was published for github.com/vapor/vapor (Swift) Jun 9, 2023
Uncontrolled Resource Consumption in LengthPrefixedMessageReader High
CVE-2021-36155 was published for github.com/grpc/grpc-swift (Swift) Jun 9, 2023
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash Moderate
CVE-2021-32742 was published for github.com/vapor/vapor (Swift) Jun 9, 2023
ProTip! Advisories are also available from the GraphQL API