Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,818
Erlang
23
GitHub Actions
38
Go
2,203
Maven
2,576
npm
2,819
NuGet
487
pip
2,656
Pub
5
RubyGems
328
Rust
877
Swift
19
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing Moderate
CVE-2026-30867 was published for CocoaMQTT (Swift) Apr 3, 2026
t5uki Credited to t5uki
Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length High
CVE-2026-28815 was published for swift-crypto (Swift) Apr 3, 2026
LeafKit's HTML escaping may be skipped for Collection values, enabling XSS Moderate
CVE-2026-28499 was published for leaf-kit (Swift) Mar 16, 2026
iCMDdev Credited to iCMDdev, gwynne, and 0xTim gwynne gwynne
0xTim 0xTim
Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster Moderate
CVE-2026-27120 was published for github.com/vapor/leaf-kit (Swift) Feb 19, 2026
bawolff Credited to bawolff, ptoffy, 0xTim, and gwynne ptoffy ptoffy
0xTim 0xTim gwynne gwynne
Container and Containerization archive extraction does not guard against escapes from extraction base directory. Low
CVE-2026-20613 was published for github.com/apple/container (Swift) Jan 22, 2026
LLfam Credited to LLfam
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash Moderate
CVE-2026-23886 was published for github.com/swift-otel/swift-otel (Swift) Jan 21, 2026
czechboy0 Credited to czechboy0 and slashmo slashmo slashmo
jose-swift has JWT Signature Verification Bypass via None Algorithm High
GHSA-88q6-jcjg-hvmw was published for github.com/beatt83/jose-swift (Swift) Jan 9, 2026
snyff Credited to snyff and alex-security-guy alex-security-guy alex-security-guy
AWS SDK for Swift adopted defense in depth enhancement for region parameter value Low
GHSA-pc9j-5v36-2mww was published for github.com/awslabs/aws-sdk-swift (Swift) Jan 8, 2026
swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability Moderate
GHSA-xvr7-p2c6-j83w was published for github.com/apple/swift-nio-http2 (Swift) Aug 13, 2025
galbarnahum Credited to galbarnahum and AnatBB AnatBB AnatBB
ExecuTorch vulnerable to Heap-based Buffer Overflow attack High
CVE-2025-30402 was published for executorch (Maven) Jul 11, 2025
Fidget-Grep Credited to Fidget-Grep
Sparkle Signing Checks Bypass High
CVE-2025-0509 was published for github.com/sparkle-project/Sparkle (Swift) Feb 4, 2025
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER Low
CVE-2025-0343 was published for github.com/apple/swift-asn1 (Swift) Jan 14, 2025
baarde Credited to baarde
Un-sanitized metric name or labels can be used to take over exported metrics Moderate
CVE-2024-28867 was published for github.com/swift-server/swift-prometheus (Swift) Mar 29, 2024
yyjson has a Double Free vulnerability High
CVE-2024-25713 was published for github.com/ibireme/yyjson (Swift) Feb 29, 2024
Vapor contains an integer overflow in URI leading to potential host spoofing Moderate
CVE-2024-21631 was published for github.com/vapor/vapor (Swift) Jan 3, 2024
0xTim Credited to 0xTim, gwynne, and baarde gwynne gwynne
baarde baarde
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel faroukfaiz10 faroukfaiz10
DuyTran-TomTom DuyTran-TomTom derekheld derekheld ebickle ebickle westonsteimel westonsteimel
Vapor's incorrect request error handling triggers server crash Moderate
CVE-2023-44386 was published for github.com/vapor/vapor (Swift) Oct 5, 2023
gwynne Credited to gwynne, 0xTim, and t0rchwo0d 0xTim 0xTim
t0rchwo0d t0rchwo0d
SwiftNIO SSL arbitrary code execution vulnerability Critical
CVE-2019-8849 was published for github.com/apple/swift-nio-ssl (Swift) May 24, 2022
morningstarxcdcode Credited to morningstarxcdcode
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database