GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket' (Severity: Moderate)
GHSA-42qm-8v8m-m78c was published for pocketmine/pocketmine-mp (Composer) Jun 1, 2023
Credited to dktapps
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency (Severity: High)
GHSA-pqp3-8rrw-g8vm was published for pocketmine/pocketmine-mp (Composer) Jun 6, 2023
Credited to aderoian and dktapps
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash (Severity: High)
CVE-2023-7332 was published for pocketmine/pocketmine-mp (Composer) Jun 6, 2023
Credited to dktapps
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket (Severity: High)
GHSA-7wrv-6h42-w54f was published for pocketmine/pocketmine-mp (Composer) Jul 14, 2023
Credited to ShockedPlot7560 and dktapps
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey (Severity: High)
GHSA-79rc-jjh6-rc89 was published for pocketmine/pocketmine-mp (Composer) Sep 14, 2023
Credited to dktapps
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again) (Severity: High)
GHSA-92jh-gwch-jq38 was published for pocketmine/pocketmine-mp (Composer) Sep 14, 2023
Credited to alvin0319, dktapps, and SvenRtbg
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time) (Severity: High)
GHSA-h6j3-j35f-v2x7 was published for pocketmine/pocketmine-mp (Composer) Mar 6, 2024
Credited to dktapps and MrDiamond64
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking (Severity: High)
GHSA-fqqv-56h5-f57g was published for pocketmine/pocketmine-mp (Composer) Sep 2, 2025
Credited to Zwuiix-cmd and dktapps
PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket (Severity: High)
GHSA-h6rj-3m53-887h was published for pocketmine/pocketmine-mp (Composer) Apr 6, 2026
Credited to ArkadiaEU and dktapps
PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse Handling (Severity: High)
GHSA-788v-5pfp-93ff was published for pocketmine/pocketmine-mp (Composer) Apr 6, 2026
Credited to Zwuiix-cmd and dktapps
PocketMine-MP: Network amplification vulnerability with `ActorEventPacket` (Severity: Moderate)
GHSA-7hmv-4j2j-pp6f was published for pocketmine/pocketmine-mp (Composer) Apr 6, 2026
Credited to dktapps
PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state (Severity: Low)
GHSA-f9jp-856v-8642 was published for pocketmine/pocketmine-mp (Composer) Apr 6, 2026
Credited to kostamax27 and dktapps