GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster Moderate
CVE-2026-27120 was published for leaf-kit (Swift) Feb 19, 2026
Credited to bawolff, ptoffy, 0xTim, and gwynne
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash Moderate
CVE-2026-23886 was published for github.com/swift-otel/swift-otel (Swift) Jan 21, 2026
Credited to czechboy0 and slashmo
swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability Moderate
GHSA-xvr7-p2c6-j83w was published for github.com/apple/swift-nio-http2 (Swift) Aug 13, 2025
Credited to galbarnahum and AnatBB
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Un-sanitized metric name or labels can be used to take over exported metrics Moderate
CVE-2024-28867 was published for github.com/swift-server/swift-prometheus (Swift) Mar 29, 2024
Vapor contains an integer overflow in URI leading to potential host spoofing Moderate
CVE-2024-21631 was published for github.com/vapor/vapor (Swift) Jan 3, 2024
Credited to 0xTim, gwynne, and baarde
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel
Vapor's incorrect request error handling triggers server crash Moderate
CVE-2023-44386 was published for github.com/vapor/vapor (Swift) Oct 5, 2023
Credited to gwynne, 0xTim, and t0rchwo0d
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
LeafKit allows XSS with untrusted user input Moderate
CVE-2021-37634 was published for github.com/vapor/leaf-kit (Swift) Jun 9, 2023
Credited to alextrob
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash Moderate
CVE-2021-32742 was published for github.com/vapor/vapor (Swift) Jun 9, 2023
Vapor's Metrics integration could cause a system drain Moderate
CVE-2021-21328 was published for github.com/vapor/vapor (Swift) Jun 9, 2023
Arbitrary file read using percent-encoded relative paths in FileMiddleware Moderate
CVE-2020-15230 was published for github.com/vapor/vapor (Swift) Jun 9, 2023
Credited to lmcd
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Moderate
CVE-2022-3215 was published for github.com/apple/swift-nio (Swift) Jun 7, 2023
Credited to dellalibera
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec Moderate
CVE-2021-36154 was published for github.com/grpc/grpc-swift (Swift) May 22, 2023