pocketmine/pocketmine-mp vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-XP4F-G2CM-RHG7Mediumpocketmine/pocketmine-mp: PocketMine-MP has LogDoS by many junk properties in client data JWT in LoginPacketGHSA-F9JP-856V-8642Lowpocketmine/pocketmine-mp: PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn stateGHSA-7HMV-4J2J-PP6FMediumpocketmine/pocketmine-mp: PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`GHSA-788V-5PFP-93FFHighpocketmine/pocketmine-mp: PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse HandlingGHSA-H6RJ-3M53-887HHighpocketmine/pocketmine-mp: PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacketGHSA-FQQV-56H5-F57GHighpocketmine/pocketmine-mp: PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checkingGHSA-G274-C6JJ-H78PMediumpocketmine/pocketmine-mp: PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode()GHSA-H6J3-J35F-V2X7Highpocketmine/pocketmine-mp: PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)GHSA-XC7J-WJ36-QJFRHighpocketmine/pocketmine-mp: PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalidGHSA-92JH-GWCH-JQ38Highpocketmine/pocketmine-mp: PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)GHSA-79RC-JJH6-RC89Highpocketmine/pocketmine-mp: PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKeyGHSA-7WRV-6H42-W54FHighpocketmine/pocketmine-mp: PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacketCVE-2023-7332Highpocketmine/pocketmine-mp: PocketMine-MP vulnerable to improperly checked dropped item count leading to server crashGHSA-PQP3-8RRW-G8VMHighpocketmine/pocketmine-mp: PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependencyGHSA-42QM-8V8M-M78CMediumpocketmine/pocketmine-mp: PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'GHSA-7M9R-RQ9J-WMMHMediumpocketmine/pocketmine-mp: PocketMine-MP vulnerable to denial-of-service by sending large modal form responsesGHSA-WQQV-JCFR-9F5GHighpocketmine/pocketmine-mp: PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crashGHSA-8CWQ-4CMF-PX73Highpocketmine/pocketmine-mp: PocketMine-MP invalid skin geometry JSON data leading to server crashGHSA-FQX3-R75H-VC89Highpocketmine/pocketmine-mp: Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MPGHSA-GJ94-V4P9-W672Mediumpocketmine/pocketmine-mp: Denial-of-service vulnerability processing large chat messages containing many newlinesGHSA-G5RR-P69H-7V3GHighpocketmine/pocketmine-mp: Insufficient type validation in pocketmine/pocketmine-mpGHSA-46C5-PFJ8-FV65Highpocketmine/pocketmine-mp: Improperly checked metadata on tools/armour itemstacks received from the clientGHSA-FM35-JGG3-3GRXHighpocketmine/pocketmine-mp: NaN/INF in serverbound movement packets can crash clients and serversGHSA-H79X-98R2-G6QCMediumpocketmine/pocketmine-mp: Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MPGHSA-WJFQ-88Q2-R34JHighpocketmine/pocketmine-mp: Unhandled exception when decoding form response JSON

Stop the waste.
Protect your environment with Kodem.