Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec High
CVE-2021-36153 was published for github.com/grpc/grpc-swift (Swift) Jun 9, 2023
LeafKit allows XSS with untrusted user input Moderate
CVE-2021-37634 was published for github.com/vapor/leaf-kit (Swift) Jun 9, 2023
alextrob
Vapor's Metrics integration could cause a system drain Moderate
CVE-2021-21328 was published for github.com/vapor/vapor (Swift) Jun 9, 2023
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header Critical
GHSA-mgc4-wqv7-4pxm was published for github.com/apple/swift-nio (Swift) May 18, 2023
SwiftNIO SSL arbitrary code execution vulnerability Critical
CVE-2019-8849 was published for github.com/apple/swift-nio-ssl (Swift) May 24, 2022
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware High
CVE-2022-31005 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
dellalibera
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec Moderate
CVE-2021-36154 was published for github.com/grpc/grpc-swift (Swift) May 22, 2023
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder High
CVE-2022-1642 was published for github.com/apple/swift-corelibs-foundation (Swift) Jun 7, 2023
weissi gliush
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Moderate
CVE-2022-3215 was published for github.com/apple/swift-nio (Swift) Jun 7, 2023
dellalibera
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression High
CVE-2022-3252 was published for github.com/apple/swift-nio-extras (Swift) Jun 7, 2023
vojtarylko
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database