Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
swift Security Advisories
Loading...
Moderate
Ecosystems: swift
Packages: github.com/swift-server/swift-prometheus
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
GSA_kwCzR0hTQS14NzY4LWN2cjItMzQ1cs4AA6dy
Un-sanitized metric name or labels can be used to take over exported metricsEcosystems: swift
Packages: github.com/swift-server/swift-prometheus
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
Moderate
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 4 months ago
GSA_kwCzR0hTQS1yNnI0LTVwcjgtZ2pjcM4AA4Lw
Vapor contains an integer overflow in URI leading to potential host spoofingEcosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 4 months ago
Moderate
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerabilityEcosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
Ecosystems: maven, swift, go
Packages: com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: 7 months ago
GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2
HTTP/2 Stream Cancellation AttackEcosystems: maven, swift, go
Packages: com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: 7 months ago
Moderate
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 7 months ago
GSA_kwCzR0hTQS0zbXdxLWgzZzYtZmZobc4AA2Qq
Vapor's incorrect request error handling triggers server crashEcosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 7 months ago
High
Ecosystems: swift
Packages: github.com/marmelroy/Zip
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 8 months ago
GSA_kwCzR0hTQS1nNDU0LXdqOXItanBnNM4AA1lP
Path traversal in Zip SwiftEcosystems: swift
Packages: github.com/marmelroy/Zip
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 8 months ago
High
Ecosystems: swift
Packages: github.com/weichsel/ZIPFoundation
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 8 months ago
GSA_kwCzR0hTQS1jMmNjLTM1NjktNmpoMs4AA1lS
Path traversal in ZIPFoundationEcosystems: swift
Packages: github.com/weichsel/ZIPFoundation
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 8 months ago
Moderate
Ecosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 8 months ago
GSA_kwCzR0hTQS12eHZtLXF3dzMtMmZoN84AA1jJ
MongoDB Driver may publish events containing authentication-related dataEcosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 8 months ago
High
Ecosystems: swift
Packages: github.com/migueldeicaza/SwiftTerm
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 10 months ago
GSA_kwCzR0hTQS1qcTQzLXE4bXgtcjdtcc4AA0t8
SwiftTerm Code Injection vulnerabilityEcosystems: swift
Packages: github.com/migueldeicaza/SwiftTerm
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 10 months ago
High
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 11 months ago
GSA_kwCzR0hTQS1yNnd3LTU5NjMtN3I5Nc4AAzxC
Denial of Service via reachable assertionEcosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 11 months ago
GSA_kwCzR0hTQS1xMzZ4LXI1eDQtaDRxNs4AAzxB
Denial of service via HTTP/2 HEADERS frames paddingEcosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 11 months ago
Moderate
Ecosystems: swift
Packages: github.com/vapor/leaf-kit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS1ydjN4LXhxM3ItOGo5aM4AAzxA
LeafKit allows XSS with untrusted user inputEcosystems: swift
Packages: github.com/vapor/leaf-kit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS0yangyLXFjbTQtcmY5aM4AAzw_
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodecEcosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 11 months ago
GSA_kwCzR0hTQS1yeG1qLWhnOXYtdnAzcM4AAzw-
Uncontrolled Resource Consumption in LengthPrefixedMessageReaderEcosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 11 months ago
Moderate
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS1wcXdoLWMyZjMtdnhtcc4AAzw9
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crashEcosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 11 months ago
GSA_kwCzR0hTQS1nY2o5LWpqMzgtaHdtY84AAzw8
Vapor's Metrics integration could cause a system drainEcosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 11 months ago
Moderate
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 11 months ago
GSA_kwCzR0hTQS12Y3ZnLXhncjgtcDVncc4AAzw7
Arbitrary file read using percent-encoded relative paths in FileMiddlewareEcosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 11 months ago
GSA_kwCzR0hTQS12ajJtLTlmNWotbXByNc4AAzuh
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddlewareEcosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 11 months ago
GSA_kwCzR0hTQS1xdnhnLXdqeGMtcjRnZ84AAzug
Vapor vulnerable to denial of service in URLEncodedFormDecoderEcosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/apple/swift-corelibs-foundation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS0yMzljLTZjdjItd3d4OM4AAzuf
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoderEcosystems: swift
Packages: github.com/apple/swift-corelibs-foundation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/apple/swift-nio-extras
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 11 months ago
GSA_kwCzR0hTQS03NzNnLXgyNzQtOHFtZs4AAzue
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompressionEcosystems: swift
Packages: github.com/apple/swift-nio-extras
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 11 months ago
Moderate
Ecosystems: swift
Packages: github.com/apple/swift-nio
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 11 months ago
GSA_kwCzR0hTQS03Zmo3LTM5d2otYzY0Zs4AAzud
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')Ecosystems: swift
Packages: github.com/apple/swift-nio
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/swift-server/async-http-client
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 11 months ago
GSA_kwCzR0hTQS12M3I1LXBqcG0tbXdncc4AAzuc
Async HTTP Client has CRLF Injection vulnerability in HTTP request headersEcosystems: swift
Packages: github.com/swift-server/async-http-client
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 11 months ago
Moderate
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS00cmhxLXZxMjQtODhnd84AAzbD
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodecEcosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 11 months ago
GSA_kwCzR0hTQS1wZ2Z4LWc2cmMtOGNqds4AAzZR
swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN framesEcosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 11 months ago
GSA_kwCzR0hTQS1jY3c5LXE1aDItOGMyd84AAzZQ
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame lengthEcosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 11 months ago
Critical
Ecosystems: swift
Packages: github.com/apple/swift-nio
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: 11 months ago
GSA_kwCzR0hTQS1tZ2M0LXdxdjctNHB4bc4AAzZP
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding headerEcosystems: swift
Packages: github.com/apple/swift-nio
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: 11 months ago
High
Ecosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 11 months ago
GSA_kwCzR0hTQS13M2Y2LXBjNTQtZ2Z3N84AAzZO
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encodingEcosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 11 months ago
Low
Ecosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 12 months ago
GSA_kwCzR0hTQS05Y2ZoLXZ4OTMtODR2ds4AAzRE
PostgresNIO processes unencrypted bytes from man-in-the-middleEcosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 12 months ago
High
Ecosystems: pypi, swift
Packages: zstd, github.com/facebook/zstd
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: about 1 year ago
GSA_kwCzR0hTQS01YzljLTZ4ODctZjl2bc4AAyfJ
zstd vulnerable to buffer overrunEcosystems: pypi, swift
Packages: zstd, github.com/facebook/zstd
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: about 1 year ago
Critical
Ecosystems: swift
Packages: github.com/apple/swift-nio-ssl
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1mcmczLWdwY3gtOTY4Zs4AAjE-
SwiftNIO SSL arbitrary code execution vulnerabilityEcosystems: swift
Packages: github.com/apple/swift-nio-ssl
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 2 years ago
Statistics
Advisories: 18,151
Packages: 8,242
Repositories: 17
Ecosystems: 12
Packages: 8,242
Repositories: 17
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
github.com/vapor/vapor
7
github.com/apple/swift-nio-http2
5
github.com/grpc/grpc-swift
4
github.com/apple/swift-nio
2
zstd
1
github.com/migueldeicaza/SwiftTerm
1
mongodb/mongodb
1
mongodb
1
github.com/mongodb/mongo-swift-driver
1
github.com/apple/swift-corelibs-foundation
1
pubnub
1
com.pubnub:pubnub-kotlin
1
com.pubnub:pubnub
1
github.com/pubnub/go/v7
1
github.com/pubnub/go
1
github.com/pubnub/go/v6
1
github.com/pubnub/go/v5
1
Pubnub
1
pubnub
1
pubnub
1
pubnub/pubnub
1
pubnub
1
pubnub
1
github.com/pubnub/swift
1
github.com/weichsel/ZIPFoundation
1
github.com/apple/swift-nio-ssl
1
github.com/apple/swift-nio-extras
1
github.com/vapor/leaf-kit
1
github.com/swift-server/swift-prometheus
1
golang.org/x/net
1
google.golang.org/grpc
1
org.apache.tomcat:tomcat
1
org.apache.tomcat.embed:tomcat-embed-core
1
org.eclipse.jetty.http2:http2-common
1
org.eclipse.jetty.http2:http2-server
1
org.eclipse.jetty.http2:jetty-http2-common
1
org.eclipse.jetty.http2:jetty-http2-server
1
com.typesafe.akka:akka-http-core
1
com.typesafe.akka:akka-http-core_2.13
1
com.typesafe.akka:akka-http-core_2.12
1
com.typesafe.akka:akka-http-core_2.11
1
github.com/swift-server/async-http-client
1
github.com/vapor/postgres-nio
1
github.com/facebook/zstd
1
github.com/marmelroy/Zip
1
Filter by Repository
https://github.com/vapor/vapor
7
https://github.com/apple/swift-nio-http2
5
https://github.com/grpc/grpc-swift
4
https://github.com/apple/swift-nio
2
https://github.com/apple/swift-corelibs-foundation
1
https://github.com/apple/swift-nio-extras
1
https://github.com/facebook/zstd
1
https://github.com/marmelroy/Zip
1
https://github.com/migueldeicaza/SwiftTerm
1
https://github.com/mongodb/mongo-php-driver
1
https://github.com/pubnub/javascript
1
https://github.com/swift-server/async-http-client
1
https://github.com/swift-server/swift-prometheus
1
https://github.com/vapor/leaf-kit
1
https://github.com/vapor/postgres-nio
1
https://github.com/weichsel/ZIPFoundation
1