Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-x768-cvr2-345r
  • SwiftURL/github.com/swift-server/swift-prometheus
Un-sanitized metric name or labels can be used to take over exported metrics 29 Mar
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-whx6-m9j4-w2m2
  • SwiftURL/github.com/ibireme/yyjson
yyjson has a Double Free vulnerability 29 Feb
  • Fix available
  • Severity - 8.8 (High)
GHSA-r6r4-5pr8-gjcp
  • SwiftURL/github.com/vapor/vapor
Vapor contains an integer overflow in URI leading to potential host spoofing 03 Jan
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-5844-q3fc-56rh
  • npm/pubnub
  • Maven/com.pubnub:pubnub-kotlin
  • Maven/com.pubnub:pubnub
  • Go/github.com/pubnub/go/v7
  • Go/github.com/pubnub/go
  • Go/github.com/pubnub/go/v6
  • Go/github.com/pubnub/go/v5
  • NuGet/Pubnub
  • SwiftURL/github.com/pubnub/swift
  • RubyGems/pubnub
  • crates.io/pubnub
  • Packagist/pubnub/pubnub
  • Pub/pubnub
  • PyPI/pubnub
pubnub Insufficient Entropy vulnerability 06 Dec 2023
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-qppj-fm5r-hxr3
  • SwiftURL/github.com/apple/swift-nio-http2
  • Go/golang.org/x/net
  • Go/google.golang.org/grpc
  • Maven/org.apache.tomcat:tomcat-coyote
  • Maven/org.apache.tomcat.embed:tomcat-embed-core
  • Maven/org.eclipse.jetty.http2:http2-common
  • Maven/org.eclipse.jetty.http2:http2-server
  • Maven/org.eclipse.jetty.http2:jetty-http2-common
  • Maven/org.eclipse.jetty.http2:jetty-http2-server
  • Maven/com.typesafe.akka:akka-http-core
  • Maven/com.typesafe.akka:akka-http-core_2.13
  • Maven/com.typesafe.akka:akka-http-core_2.12
  • Maven/com.typesafe.akka:akka-http-core_2.11
HTTP/2 Stream Cancellation Attack 10 Oct 2023
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-3mwq-h3g6-ffhm
  • SwiftURL/github.com/vapor/vapor
Vapor's incorrect request error handling triggers server crash 05 Oct 2023
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-c2cc-3569-6jh2
  • SwiftURL/github.com/weichsel/ZIPFoundation
Path traversal in ZIPFoundation 31 Aug 2023
  • Fix available
  • Severity - 7.8 (High)
GHSA-g454-wj9r-jpg4
  • SwiftURL/github.com/marmelroy/Zip
Path traversal in Zip Swift 31 Aug 2023
  • No fix available
  • Severity - 7.8 (High)
GHSA-vxvm-qww3-2fh7
  • Packagist/mongodb/mongodb
  • npm/mongodb
  • SwiftURL/github.com/mongodb/mongo-swift-driver
MongoDB Driver may publish events containing authentication-related data 29 Aug 2023
  • Fix available
  • Severity - 4.2 (Medium)
GHSA-jq43-q8mx-r7mq
  • SwiftURL/github.com/migueldeicaza/SwiftTerm
SwiftTerm Code Injection vulnerability 14 Jul 2023
  • Fix available
  • Severity - 7.1 (High)
GHSA-r6ww-5963-7r95
  • SwiftURL/github.com/grpc/grpc-swift
Denial of Service via reachable assertion 09 Jun 2023
  • Fix available
  • Severity - 7.5 (High)
GHSA-q36x-r5x4-h4q6
  • SwiftURL/github.com/apple/swift-nio-http2
Denial of service via HTTP/2 HEADERS frames padding 09 Jun 2023
  • Fix available
  • Severity - 7.5 (High)
GHSA-rv3x-xq3r-8j9h
  • SwiftURL/github.com/vapor/leaf-kit
LeafKit allows XSS with untrusted user input 09 Jun 2023
  • Fix available
GHSA-2jx2-qcm4-rf9h
  • SwiftURL/github.com/grpc/grpc-swift
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec 09 Jun 2023
  • Fix available
GHSA-rxmj-hg9v-vp3p
  • SwiftURL/github.com/grpc/grpc-swift
Uncontrolled Resource Consumption in LengthPrefixedMessageReader 09 Jun 2023
  • Fix available
  • Severity - 7.5 (High)
GHSA-pqwh-c2f3-vxmq
  • SwiftURL/github.com/vapor/vapor
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash 09 Jun 2023
  • Fix available