GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12 advisories
PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state
Low
GHSA-f9jp-856v-8642
was published
for
pocketmine/pocketmine-mp
(Composer)
Apr 6, 2026
PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`
Moderate
GHSA-7hmv-4j2j-pp6f
was published
for
pocketmine/pocketmine-mp
(Composer)
Apr 6, 2026
PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse Handling
High
GHSA-788v-5pfp-93ff
was published
for
pocketmine/pocketmine-mp
(Composer)
Apr 6, 2026
PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket
High
GHSA-h6rj-3m53-887h
was published
for
pocketmine/pocketmine-mp
(Composer)
Apr 6, 2026
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
High
GHSA-fqqv-56h5-f57g
was published
for
pocketmine/pocketmine-mp
(Composer)
Sep 2, 2025
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
High
GHSA-h6j3-j35f-v2x7
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 6, 2024
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
High
GHSA-92jh-gwch-jq38
was published
for
pocketmine/pocketmine-mp
(Composer)
Sep 14, 2023
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
High
GHSA-79rc-jjh6-rc89
was published
for
pocketmine/pocketmine-mp
(Composer)
Sep 14, 2023
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket
High
GHSA-7wrv-6h42-w54f
was published
for
pocketmine/pocketmine-mp
(Composer)
Jul 14, 2023
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash
High
CVE-2023-7332
was published
for
pocketmine/pocketmine-mp
(Composer)
Jun 6, 2023
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
High
GHSA-pqp3-8rrw-g8vm
was published
for
pocketmine/pocketmine-mp
(Composer)
Jun 6, 2023
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
Moderate
GHSA-42qm-8v8m-m78c
was published
for
pocketmine/pocketmine-mp
(Composer)
Jun 1, 2023
ProTip!
Advisories are also available from the
GraphQL API