Security Advisories
Browse security advisories and track which Dependabot PRs address them.
Total advisories: 24,768
With Dependabot PRs: 1,784
Critical severity: 3,504
High severity: 8,609
swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability
GHSA-xvr7-p2c6-j83w MODERATE 3 months ago
The HTTP/2 [MadeYouReset vulnerability](https://galbarnahum.com/made-you-reset) has a mild effect on swift-nio-http2.
swift-nio-http2 mostly prote...
swift
No PRs yet
ExecuTorch vulnerable to Heap-based Buffer Overflow attack
GHSA-h952-963h-rv99 CVE-2025-30402 HIGH 5 months ago
A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution o...
maven, pypi, swift
No PRs yet
Sparkle Signing Checks Bypass
GHSA-wc9m-r3v6-9p5h CVE-2025-0509 HIGH 10 months ago
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Spark...
swift
No PRs yet
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER
GHSA-w8xv-rwgf-4fwh CVE-2025-0343 LOW 11 months ago
Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself whic...
swift
2 Dependabot PRs
wasm3 uncontrolled memory allocation vulnerability
GHSA-fmq6-4w57-2w3v CVE-2024-27529 MODERATE about 1 year ago
wasm3 at commit 139076a contains a memory leak in the Read_utf8 function.
cargo, pypi, swift
No PRs yet
Un-sanitized metric name or labels can be used to take over exported metrics
GHSA-x768-cvr2-345r CVE-2024-28867 MODERATE over 1 year ago
### Impact
In code which applies _un-sanitized string values into metric names or labels_, like this:
```swift
let lang = try? request.query-get(...
```
swift
No PRs yet
yyjson has a Double Free vulnerability
GHSA-whx6-m9j4-w2m2 CVE-2024-25713 HIGH over 1 year ago
### Summary
The pool series allocator (pool_malloc/pool_free/pool_realloc) by yysjon has a Double Free vulnerability, which may lead to arbitrary ...
swift
No PRs yet
Vapor contains an integer overflow in URI leading to potential host spoofing
GHSA-r6r4-5pr8-gjcp CVE-2024-21631 MODERATE almost 2 years ago
Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing un...
swift
1 Dependabot PR
Vapor's incorrect request error handling triggers server crash
GHSA-3mwq-h3g6-ffhm CVE-2023-44386 MODERATE about 2 years ago
Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse ...
swift
No PRs yet
Path traversal in ZIPFoundation
GHSA-c2cc-3569-6jh2 CVE-2023-39138 HIGH about 2 years ago
An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.
swift
No PRs yet
Path traversal in Zip Swift
GHSA-g454-wj9r-jpg4 CVE-2023-39135 HIGH about 2 years ago
An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry.
swift
No PRs yet
SwiftTerm Code Injection vulnerability
GHSA-jq43-q8mx-r7mq CVE-2022-23465 HIGH over 2 years ago
### Impact
Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user'...
swift
No PRs yet
Denial of Service via reachable assertion
GHSA-r6ww-5963-7r95 CVE-2022-24777 HIGH over 2 years ago
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling `GOAWAY` f...
swift
No PRs yet
Denial of service via HTTP/2 HEADERS frames padding
GHSA-q36x-r5x4-h4q6 CVE-2022-0618 HIGH over 2 years ago
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. Thi...
swift
No PRs yet
LeafKit allows XSS with untrusted user input
GHSA-rv3x-xq3r-8j9h CVE-2021-37634 MODERATE over 2 years ago
### Impact
This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags ...
swift
No PRs yet
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
GHSA-2jx2-qcm4-rf9h CVE-2021-36153 HIGH over 2 years ago
### Impact
Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial o...
swift
No PRs yet
Uncontrolled Resource Consumption in LengthPrefixedMessageReader
GHSA-rxmj-hg9v-vp3p CVE-2021-36155 HIGH over 2 years ago
### Impact
Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated ...
swift
No PRs yet
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash
GHSA-pqwh-c2f3-vxmq CVE-2021-32742 MODERATE over 2 years ago
### Impact
A bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial o...
swift
No PRs yet
Vapor's Metrics integration could cause a system drain
GHSA-gcj9-jj38-hwmc CVE-2021-21328 MODERATE over 2 years ago
### Impact
This is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app with the following attack vector:
1. send unli...
swift
No PRs yet
Arbitrary file read using percent-encoded relative paths in FileMiddleware
GHSA-vcvg-xgr8-p5gq CVE-2020-15230 MODERATE over 2 years ago
### Impact
Attackers can access data at arbitrary filesystem paths on the same host as an application using `FileMiddleware`.
### Patches
Versio...
swift
No PRs yet
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
GHSA-vj2m-9f5j-mpr5 CVE-2022-31005 HIGH over 2 years ago
Vapor is an HTTP web framework for Swift and [middleware](https://docs.vapor.codes/advanced/middleware/) is a logic chain between the client and a ...
swift
No PRs yet
Vapor vulnerable to denial of service in URLEncodedFormDecoder
GHSA-qvxg-wjxc-r4gg CVE-2022-31019 HIGH over 2 years ago
Vapor is an HTTP web framework for Swift. Vapor versions earlier than 4.61.1 are vulnerable to a denial of service in the URLEncodedFormDecoder.
#...
swift
1 Dependabot PR
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder
GHSA-239c-6cv2-wwx8 CVE-2022-1642 HIGH over 2 years ago
### Impact
A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producin...
swift
No PRs yet
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
GHSA-773g-x274-8qmf CVE-2022-3252 HIGH over 2 years ago
SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (`HTTPReques...
swift
No PRs yet
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
GHSA-7fj7-39wj-c64f CVE-2022-3215 MODERATE over 2 years ago
`NIOHTTP1` and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack. This occurs...
swift
No PRs yet
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
GHSA-v3r5-pjpm-mwgq CVE-2023-0040 HIGH over 2 years ago
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability w...
swift
1 Dependabot PR
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
GHSA-4rhq-vq24-88gw CVE-2021-36154 MODERATE over 2 years ago
### Impact
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead...
swift
No PRs yet
swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
GHSA-pgfx-g6rc-8cjv CVE-2022-24668 HIGH over 2 years ago
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack a...
swift
No PRs yet
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
GHSA-ccw9-q5h2-8c2w CVE-2022-24666 HIGH over 2 years ago
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. Thi...
swift
No PRs yet
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
GHSA-mgc4-wqv7-4pxm CRITICAL over 2 years ago
### Impact
Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other ...
swift
No PRs yet
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
GHSA-w3f6-pc54-gfw7 CVE-2022-24667 HIGH over 2 years ago
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded hea...
swift
No PRs yet
PostgresNIO processes unencrypted bytes from man-in-the-middle
GHSA-9cfh-vx93-84vv CVE-2023-31136 LOW over 2 years ago
### Impact
Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses t...
swift
No PRs yet
zstd vulnerable to buffer overrun
GHSA-5c9c-6x87-f9vm CVE-2022-4899 HIGH over 2 years ago
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer ove...
swift
No PRs yet
SwiftNIO SSL arbitrary code execution vulnerability
GHSA-frg3-gpcx-968f CVE-2019-8849 CRITICAL over 3 years ago
A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not requir...
swift
No PRs yet