Security Advisories
Browse security advisories and track which Dependabot PRs address them.
24,772 Total Advisories
1,787 With Dependabot PRs
3,505 Critical Severity
8,612 High Severity
swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability
GHSA-xvr7-p2c6-j83w MODERATE 3 months ago
The HTTP/2 [MadeYouReset vulnerability](https://galbarnahum.com/made-you-reset) has a mild effect on swift-nio-http2.
swift-nio-http2 mostly prote...
swift
No PRs yet
wasm3 uncontrolled memory allocation vulnerability
GHSA-fmq6-4w57-2w3v CVE-2024-27529 MODERATE about 1 year ago
wasm3 at commit 139076a contains a memory leak in the Read_utf8 function.
cargo
pypi
swift
No PRs yet
Un-sanitized metric name or labels can be used to take over exported metrics
GHSA-x768-cvr2-345r CVE-2024-28867 MODERATE over 1 year ago
### Impact
In code which applies _un-sanitized string values into metric names or labels_, like this:
```swift
let lang = try? request.query.get(...
```
swift
No PRs yet
Vapor contains an integer overflow in URI leading to potential host spoofing
GHSA-r6r4-5pr8-gjcp CVE-2024-21631 MODERATE almost 2 years ago
Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing un...
swift
1 Dependabot PR
Vapor's incorrect request error handling triggers server crash
GHSA-3mwq-h3g6-ffhm CVE-2023-44386 MODERATE about 2 years ago
Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse ...
swift
No PRs yet
LeafKit allows XSS with untrusted user input
GHSA-rv3x-xq3r-8j9h CVE-2021-37634 MODERATE over 2 years ago
### Impact
This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags ...
swift
No PRs yet
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash
GHSA-pqwh-c2f3-vxmq CVE-2021-32742 MODERATE over 2 years ago
### Impact
A bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial o...
swift
No PRs yet
Vapor's Metrics integration could cause a system drain
GHSA-gcj9-jj38-hwmc CVE-2021-21328 MODERATE over 2 years ago
### Impact
This is a DoS attack against anyone who bootstraps a metrics backend for their Vapor app with the following attack vector:
1. send unli...
swift
No PRs yet
Arbitrary file read using percent-encoded relative paths in FileMiddleware
GHSA-vcvg-xgr8-p5gq CVE-2020-15230 MODERATE over 2 years ago
### Impact
Attackers can access data at arbitrary filesystem paths on the same host as an application using `FileMiddleware`.
### Patches
Versio...
swift
No PRs yet
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
GHSA-7fj7-39wj-c64f CVE-2022-3215 MODERATE over 2 years ago
`NIOHTTP1` and projects using it for generating HTTP responses, including SwiftNIO, can be subject to an HTTP Response Injection attack. This occurs...
swift
No PRs yet
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
GHSA-4rhq-vq24-88gw CVE-2021-36154 MODERATE over 2 years ago
### Impact
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead...
swift
No PRs yet