Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

45 advisories

Loading
ExecuTorch vulnerable to Heap-based Buffer Overflow attack High
CVE-2025-30402 was published for executorch (Maven) Jul 11, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30405 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30404 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch vulnerable to Heap-based Buffer Overflow Critical
CVE-2025-54951 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch heap buffer overflow vulnerability Critical
CVE-2025-54949 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch out-of-bounds access vulnerability Critical
CVE-2025-54950 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel
swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability Moderate
GHSA-xvr7-p2c6-j83w was published for github.com/apple/swift-nio-http2 (Swift) Aug 13, 2025
galbarnahum AnatBB
Credited to galbarnahum and AnatBB
SwiftNIO SSL arbitrary code execution vulnerability Critical
CVE-2019-8849 was published for github.com/apple/swift-nio-ssl (Swift) May 24, 2022
morningstarxcdcode
Credited to morningstarxcdcode
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
Sparkle Signing Checks Bypass High
CVE-2025-0509 was published for github.com/sparkle-project/Sparkle (Swift) Feb 4, 2025
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER Low
CVE-2025-0343 was published for github.com/apple/swift-asn1 (Swift) Jan 14, 2025
baarde
Credited to baarde
zstd vulnerable to buffer overrun High
CVE-2022-4899 was published for github.com/facebook/zstd (pip) Mar 31, 2023
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
yyjson has a Double Free vulnerability High
CVE-2024-25713 was published for github.com/ibireme/yyjson (Swift) Feb 29, 2024
Un-sanitized metric name or labels can be used to take over exported metrics Moderate
CVE-2024-28867 was published for github.com/swift-server/swift-prometheus (Swift) Mar 29, 2024
SwiftTerm Code Injection vulnerability High
CVE-2022-23465 was published for github.com/migueldeicaza/SwiftTerm (Swift) Jul 14, 2023
Denial of Service via reachable assertion High
CVE-2022-24777 was published for github.com/grpc/grpc-swift (Swift) Jun 9, 2023
Denial of service via HTTP/2 HEADERS frames padding High
CVE-2022-0618 was published for github.com/apple/swift-nio-http2 (Swift) Jun 9, 2023
Path traversal in ZIPFoundation High
CVE-2023-39138 was published for github.com/weichsel/ZIPFoundation (Swift) Aug 31, 2023
weichsel
Credited to weichsel
Path traversal in Zip Swift High
CVE-2023-39135 was published for github.com/marmelroy/Zip (Swift) Aug 31, 2023
Vapor's incorrect request error handling triggers server crash Moderate
CVE-2023-44386 was published for github.com/vapor/vapor (Swift) Oct 5, 2023
gwynne 0xTim
t0rchwo0d
Credited to gwynne, 0xTim, and t0rchwo0d
Vapor contains an integer overflow in URI leading to potential host spoofing Moderate
CVE-2024-21631 was published for github.com/vapor/vapor (Swift) Jan 3, 2024
0xTim gwynne
baarde
Credited to 0xTim, gwynne, and baarde
PostgresNIO processes unencrypted bytes from man-in-the-middle Low
CVE-2023-31136 was published for github.com/vapor/postgres-nio (Swift) May 10, 2023
fabianfett gwynne
Credited to fabianfett and gwynne
ProTip! Advisories are also available from the GraphQL API