Security Advisories
Browse security advisories and track which Dependabot PRs address them.
Total advisories: 24,784
With Dependabot PRs: 1,791
Critical severity: 3,506
High severity: 8,617
ExecuTorch vulnerable to Heap-based Buffer Overflow attack
GHSA-h952-963h-rv99 | CVE-2025-30402 | HIGH | 5 months ago
Ecosystems: maven, pypi, swift
Dependabot PRs: none yet
A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution o...

Sparkle Signing Checks Bypass
GHSA-wc9m-r3v6-9p5h | CVE-2025-0509 | HIGH | 10 months ago
Ecosystems: swift
Dependabot PRs: none yet
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Spark...

yyjson has a Double Free vulnerability
GHSA-whx6-m9j4-w2m2 | CVE-2024-25713 | HIGH | over 1 year ago
Ecosystems: swift
Dependabot PRs: none yet
Summary: The pool series allocator (pool_malloc/pool_free/pool_realloc) in yyjson has a Double Free vulnerability, which may lead to arbitrary ...

Path traversal in ZIPFoundation
GHSA-c2cc-3569-6jh2 | CVE-2023-39138 | HIGH | about 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
An issue in ZIPFoundation v0.9.16 allows an attacker to perform path traversal when a crafted zip file is extracted.

Path traversal in Zip Swift
GHSA-g454-wj9r-jpg4 | CVE-2023-39135 | HIGH | about 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
An issue in Zip Swift v2.1.2 allows an attacker to perform path traversal via a crafted zip entry.
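The ZIPFoundation and Zip Swift entries above describe the same bug class: an archive whose entry names (`../` components or absolute paths) resolve outside the directory the caller asked to extract into. The Python below is an added example and is not code from either library or from the advisories. It builds a small constructed archive with one benign entry, one entry that climbs out of the destination and one absolute path, then extracts only members whose resolved target stays under the destination; symlink members are refused as well, since a symlink written first can redirect a later write. The names `build_sample_zip`, `is_safe_member`, `safe_extract` and `demo` are the example's own.

```python
import io
import os
import stat
import tempfile
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample archive (not a real exploit file).

    zipfile writes entry names verbatim, so the traversal and absolute
    names survive into the archive exactly as an attacker would ship them.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign\n")
        zf.writestr("../../outside.txt", "escaped\n")
        zf.writestr("/tmp/absolute.txt", "absolute\n")
    return buf.getvalue()


def is_safe_member(info: zipfile.ZipInfo, dest: str) -> bool:
    """True only if the member is a regular file/dir that lands inside dest."""
    name = info.filename
    # Reject empty names, NUL bytes, absolute paths and backslash/drive tricks
    if not name or "\x00" in name or name.startswith(("/", "\\")):
        return False
    if "\\" in name or ":" in name:
        return False
    # Symlink members (Unix mode stored in the high 16 bits of external_attr)
    if stat.S_ISLNK(info.external_attr >> 16):
        return False
    # Resolve both sides and require dest to be a prefix of the target path
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    return os.path.commonpath([dest_real, target]) == dest_real


def safe_extract(zip_bytes: bytes, dest: str):
    """Extract accepted members under dest; return (extracted, rejected) names."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info, dest):
                rejected.append(info.filename)
                continue
            target = os.path.join(dest, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def demo():
    """Run the checked extractor over the constructed archive in a temp dir."""
    with tempfile.TemporaryDirectory() as dest:
        return safe_extract(build_sample_zip(), dest)


if __name__ == "__main__":
    ok, bad = demo()
    print("extracted:", ok)
    print("rejected:", bad)
```

The check is done on the resolved path rather than by string-matching `..`, so encoded or doubled separators that normalise to a parent directory are caught the same way; `realpath` also sees through a destination that is itself a symlink (for example `/tmp` on macOS).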
SwiftTerm Code Injection vulnerability
GHSA-jq43-q8mx-r7mq | CVE-2022-23465 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
Impact: An attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user'...

Denial of Service via reachable assertion
GHSA-r6ww-5963-7r95 | CVE-2022-24777 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling `GOAWAY` f...

Denial of service via HTTP/2 HEADERS frames padding
GHSA-q36x-r5x4-h4q6 | CVE-2022-0618 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. Thi...

Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
GHSA-2jx2-qcm4-rf9h | CVE-2021-36153 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
Impact: Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial o...

Uncontrolled Resource Consumption in LengthPrefixedMessageReader
GHSA-rxmj-hg9v-vp3p | CVE-2021-36155 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
Impact: Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated ...

Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
GHSA-vj2m-9f5j-mpr5 | CVE-2022-31005 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
Vapor is an HTTP web framework for Swift and [middleware](https://docs.vapor.codes/advanced/middleware/) is a logic chain between the client and a ...

Vapor vulnerable to denial of service in URLEncodedFormDecoder
GHSA-qvxg-wjxc-r4gg | CVE-2022-31019 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: 1
Vapor is an HTTP web framework for Swift. Vapor versions earlier than 4.61.1 are vulnerable to a denial of service in the URLEncodedFormDecoder. ...

Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder
GHSA-239c-6cv2-wwx8 | CVE-2022-1642 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
Impact: A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producin...

SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
GHSA-773g-x274-8qmf | CVE-2022-3252 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (`HTTPReques...

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
GHSA-v3r5-pjpm-mwgq | CVE-2023-0040 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: 1
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability w...
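The Async HTTP Client entry above concerns CRLF injection: if a header value containing a carriage return and line feed is copied onto the wire unchecked, the attacker terminates that header and appends header lines (or a whole second request) of their own. The Python below is an added example, not code from Async HTTP Client or from the advisory. It shows the unsafe pattern (a serializer that concatenates values blindly) beside a checked serializer that rejects CR, LF and NUL in header values and non-token header names, both run over a constructed tainted value. The names `naive_serialize`, `validate_header`, `safe_serialize`, `header_names` and `demo` are the example's own.

```python
import re

# Constructed attacker-controlled value (sample input, not from a real incident):
# a CRLF followed by an extra header line the caller never intended to send.
TAINTED_VALUE = "Bearer abc\r\nX-Injected: yes"

_CTL = re.compile(r"[\r\n\x00]")
# RFC 9110 "token" characters, the only ones allowed in a header field name
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def naive_serialize(method: str, path: str, headers: dict) -> bytes:
    """The unsafe pattern: header values go onto the wire without inspection."""
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def validate_header(name: str, value: str):
    """Raise ValueError if the pair could break out of its own header line."""
    if not _TOKEN.match(name):
        raise ValueError(f"invalid header name: {name!r}")
    if _CTL.search(value):
        raise ValueError(f"CR, LF or NUL in value of header {name!r}")
    return name, value.strip(" \t")


def safe_serialize(method: str, path: str, headers: dict) -> bytes:
    """Same wire format, but every component is checked before concatenation."""
    if _CTL.search(method) or _CTL.search(path) or " " in method + path:
        raise ValueError("control characters or spaces in request line")
    lines = [f"{method} {path} HTTP/1.1"]
    for name, value in headers.items():
        name, value = validate_header(name, value)
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def header_names(raw: bytes) -> list:
    """Parse the header block of a serialized request; used to show what a peer sees."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    return [line.split(b":", 1)[0].decode("latin-1") for line in head.split(b"\r\n")[1:]]


def demo():
    """Return (headers the peer sees from the naive path, whether the safe path refused)."""
    headers = {"Host": "example.com", "Authorization": TAINTED_VALUE}
    seen_by_peer = header_names(naive_serialize("GET", "/", headers))
    try:
        safe_serialize("GET", "/", headers)
        refused = False
    except ValueError:
        refused = True
    return seen_by_peer, refused


if __name__ == "__main__":
    seen, refused = demo()
    print("naive serializer emitted headers:", seen)
    print("checked serializer refused the request:", refused)
```

Rejecting rather than stripping is the better default for a client library: silently deleting the CR/LF would still send a value the caller did not intend, and the error makes the tainted input visible at the point where it entered.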
swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
GHSA-pgfx-g6rc-8cjv | CVE-2022-24668 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack a...

swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
GHSA-ccw9-q5h2-8c2w | CVE-2022-24666 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. Thi...

swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
GHSA-w3f6-pc54-gfw7 | CVE-2022-24667 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded hea...

zstd vulnerable to buffer overrun
GHSA-5c9c-6x87-f9vm | CVE-2022-4899 | HIGH | over 2 years ago
Ecosystems: swift
Dependabot PRs: none yet
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer ove...