Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20 advisories

Loading
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware High
CVE-2022-31005 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
dellalibera
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder High
CVE-2022-1642 was published for github.com/apple/swift-corelibs-foundation (Swift) Jun 7, 2023
weissi gliush
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression High
CVE-2022-3252 was published for github.com/apple/swift-nio-extras (Swift) Jun 7, 2023
vojtarylko
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec High
CVE-2021-36153 was published for github.com/grpc/grpc-swift (Swift) Jun 9, 2023
Uncontrolled Resource Consumption in LengthPrefixedMessageReader High
CVE-2021-36155 was published for github.com/grpc/grpc-swift (Swift) Jun 9, 2023
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames High
GHSA-gpgx-whwh-r297 was published for github.com/apple/swift-nio-http2 (Swift) Feb 11, 2022 withdrawn
swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames High
CVE-2022-24668 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding High
GHSA-wfvq-p7qf-vv64 was published for github.com/apple/swift-nio-http2 (Swift) Feb 11, 2022 withdrawn
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding High
CVE-2022-24667 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length High
GHSA-pv7r-9vjg-g3f9 was published for github.com/apple/swift-nio-http2 (Swift) Feb 11, 2022 withdrawn
Vapor vulnerable to denial of service in URLEncodedFormDecoder High
CVE-2022-31019 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length High
CVE-2022-24666 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
zstd vulnerable to buffer overrun High
CVE-2022-4899 was published for github.com/facebook/zstd (pip) Mar 31, 2023
Path traversal in Zip Swift High
CVE-2023-39135 was published for github.com/marmelroy/Zip (Swift) Aug 31, 2023
Path traversal in ZIPFoundation High
CVE-2023-39138 was published for github.com/weichsel/ZIPFoundation (Swift) Aug 31, 2023
weichsel
Denial of service via HTTP/2 HEADERS frames padding High
CVE-2022-0618 was published for github.com/apple/swift-nio-http2 (Swift) Jun 9, 2023
Denial of Service via reachable assertion High
CVE-2022-24777 was published for github.com/grpc/grpc-swift (Swift) Jun 9, 2023
SwiftTerm Code Injection vulnerability High
CVE-2022-23465 was published for github.com/migueldeicaza/SwiftTerm (Swift) Jul 14, 2023
yyjson has a Double Free vulnerability High
CVE-2024-25713 was published for github.com/ibireme/yyjson (Swift) Feb 29, 2024
ProTip! Advisories are also available from the GraphQL API