Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

swift Security Advisories

Moderate
GSA_kwCzR0hTQS14NzY4LWN2cjItMzQ1cs4AA6dy
Un-sanitized metric name or labels can be used to take over exported metrics
Ecosystems: swift
Packages: github.com/swift-server/swift-prometheus
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yNnI0LTVwcjgtZ2pjcM4AA4Lw
Vapor contains an integer overflow in URI leading to potential host spoofing
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2
HTTP/2 Stream Cancellation Attack
Ecosystems: maven, swift, go
Packages: com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0zbXdxLWgzZzYtZmZobc4AA2Qq
Vapor's incorrect request error handling triggers server crash
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 9 months ago
High
GSA_kwCzR0hTQS1nNDU0LXdqOXItanBnNM4AA1lP
Path traversal in Zip Swift
Ecosystems: swift
Packages: github.com/marmelroy/Zip
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1jMmNjLTM1NjktNmpoMs4AA1lS
Path traversal in ZIPFoundation
Ecosystems: swift
Packages: github.com/weichsel/ZIPFoundation
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12eHZtLXF3dzMtMmZoN84AA1jJ
MongoDB Driver may publish events containing authentication-related data
Ecosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1qcTQzLXE4bXgtcjdtcc4AA0t8
SwiftTerm Code Injection vulnerability
Ecosystems: swift
Packages: github.com/migueldeicaza/SwiftTerm
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 1 year ago
High
GSA_kwCzR0hTQS1yNnd3LTU5NjMtN3I5Nc4AAzxC
Denial of Service via reachable assertion
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xMzZ4LXI1eDQtaDRxNs4AAzxB
Denial of service via HTTP/2 HEADERS frames padding
Ecosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ydjN4LXhxM3ItOGo5aM4AAzxA
LeafKit allows XSS with untrusted user input
Ecosystems: swift
Packages: github.com/vapor/leaf-kit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yangyLXFjbTQtcmY5aM4AAzw_
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yeG1qLWhnOXYtdnAzcM4AAzw-
Uncontrolled Resource Consumption in LengthPrefixedMessageReader
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wcXdoLWMyZjMtdnhtcc4AAzw9
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nY2o5LWpqMzgtaHdtY84AAzw8
Vapor's Metrics integration could cause a system drain
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12Y3ZnLXhncjgtcDVncc4AAzw7
Arbitrary file read using percent-encoded relative paths in FileMiddleware
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS12ajJtLTlmNWotbXByNc4AAzuh
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xdnhnLXdqeGMtcjRnZ84AAzug
Vapor vulnerable to denial of service in URLEncodedFormDecoder
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yMzljLTZjdjItd3d4OM4AAzuf
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder
Ecosystems: swift
Packages: github.com/apple/swift-corelibs-foundation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS03NzNnLXgyNzQtOHFtZs4AAzue
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
Ecosystems: swift
Packages: github.com/apple/swift-nio-extras
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03Zmo3LTM5d2otYzY0Zs4AAzud
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Ecosystems: swift
Packages: github.com/apple/swift-nio
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS12M3I1LXBqcG0tbXdncc4AAzuc
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Ecosystems: swift
Packages: github.com/swift-server/async-http-client
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00cmhxLXZxMjQtODhnd84AAzbD
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wZ2Z4LWc2cmMtOGNqds4AAzZR
swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
Ecosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jY3c5LXE1aDItOGMyd84AAzZQ
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
Ecosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tZ2M0LXdxdjctNHB4bc4AAzZP
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
Ecosystems: swift
Packages: github.com/apple/swift-nio
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS13M2Y2LXBjNTQtZ2Z3N84AAzZO
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
Ecosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05Y2ZoLXZ4OTMtODR2ds4AAzRE
PostgresNIO processes unencrypted bytes from man-in-the-middle
Ecosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS01YzljLTZ4ODctZjl2bc4AAyfJ
zstd vulnerable to buffer overrun
Ecosystems: pypi, swift
Packages: zstd, github.com/facebook/zstd
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mcmczLWdwY3gtOTY4Zs4AAjE-
SwiftNIO SSL arbitrary code execution vulnerability
Ecosystems: swift
Packages: github.com/apple/swift-nio-ssl
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 2 years ago
Statistics
Advisories: 19,486
Packages: 8,600
Repositories: 17
Ecosystems: 12