Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-4px2-pw77-vc85
  • SwiftURL/github.com/apple/swift-nio-http2
SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec 12 Jun
  • Fix available
GHSA-6ph5-fww6-vfwv
  • SwiftURL/github.com/apple/swift-nio-extras
NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length 12 Jun
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-rj37-6j9x-74q6
  • SwiftURL/github.com/apple/swift-nio
SwiftNIO NIOHTTP1: HTTPDecoder accepts unbounded HTTP/1 header blocks, enabling remote DoS 12 Jun
  • Fix available
  • Severity - 8.7 (High)
GHSA-r3rc-9hpw-54v9
  • SwiftURL/github.com/apple/swift-nio
SwiftNIO: Out-of-bounds write via ByteBuffer index and length UInt32 overflow 12 Jun
  • Fix available
  • Severity - 8.3 (High)
GHSA-cq87-8r7h-962v
  • SwiftURL/github.com/apple/swift-nio
SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator 12 Jun
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-g3hp-f6mg-559v
  • SwiftURL/github.com/sparkle-project/Sparkle
Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection 29 May
  • No fix available
  • Severity - 4.2 (Medium)
GHSA-hg88-v3cw-3qrh
  • SwiftURL/github.com/sparkle-project/Sparkle
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta 29 May
  • No fix available
  • Severity - 6.1 (Medium)
GHSA-39g5-644c-qwcg
  • SwiftURL/github.com/apple/container
container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command 07 May
  • Fix available
  • Severity - 1.9 (Low)
GHSA-r3fr-7m74-q7g2
  • SwiftURL/CocoaMQTT
CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing 03 Apr
  • Fix available
  • Severity - 5.7 (Medium)
GHSA-9m44-rr2w-ppp7
  • SwiftURL/swift-crypto
Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length 03 Apr
  • Fix available
  • Severity - 8.8 (High)
GHSA-6jj5-j4j8-8473
  • SwiftURL/github.com/vapor/leaf-kit
LeafKit's HTML escaping may be skipped for Collection values, enabling XSS 16 Mar
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-4hfh-fch3-5q7p
  • SwiftURL/github.com/vapor/leaf-kit
Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster 19 Feb
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-cq3j-qj2h-6rv3
  • SwiftURL/github.com/apple/container
  • SwiftURL/github.com/apple/containerization
Container and Containerization archive extraction does not guard against escapes from extraction base directory. 22 Jan
  • Fix available
  • Severity - 1.9 (Low)
GHSA-mvpq-2v8x-ww6g
  • SwiftURL/github.com/swift-otel/swift-otel
  • SwiftURL/github.com/swift-otel/swift-w3c-trace-context
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash 21 Jan
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-88q6-jcjg-hvmw
  • SwiftURL/github.com/beatt83/jose-swift
jose-swift has JWT Signature Verification Bypass via None Algorithm 09 Jan
  • Fix available
  • Severity - 8.8 (High)
GHSA-pc9j-5v36-2mww
  • SwiftURL/github.com/awslabs/aws-sdk-swift
AWS SDK for Swift adopted defense in depth enhancement for region parameter value 08 Jan
  • Fix available
  • Severity - 3.7 (Low)