GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
7 advisories
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
High
GHSA-h6j3-j35f-v2x7
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 6, 2024
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
High
GHSA-92jh-gwch-jq38
was published
for
pocketmine/pocketmine-mp
(Composer)
Sep 14, 2023
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
High
GHSA-79rc-jjh6-rc89
was published
for
pocketmine/pocketmine-mp
(Composer)
Sep 14, 2023
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket
High
GHSA-7wrv-6h42-w54f
was published
for
pocketmine/pocketmine-mp
(Composer)
Jul 14, 2023
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash
High
GHSA-h87r-f4vc-mchv
was published
for
pocketmine/pocketmine-mp
(Composer)
Jun 6, 2023
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
High
GHSA-pqp3-8rrw-g8vm
was published
for
pocketmine/pocketmine-mp
(Composer)
Jun 6, 2023
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
Moderate
GHSA-42qm-8v8m-m78c
was published
for
pocketmine/pocketmine-mp
(Composer)
Jun 1, 2023
ProTip!
Advisories are also available from the
GraphQL API