9 matches found
GHSA-4HFH-FCH3-5Q7P Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Summary: htmlEscaped in leaf-kit will only escape HTML special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special HTML character and some additional characters. In the case of html attributes, this c...
EUVD-2026-1416
AWS SDK for Swift adopted defense in depth enhancement for region parameter value...
PT-2025-3838 · Apple · Swift Asn.1
Name of the Vulnerable Software and Affected Versions: Swift ASN.1 (affected versions not specified). Description: The issue is caused by a confusion in the ASN.1 library, which assumes that certain objects can only be provided in either constructed or primitive forms. This can trigger a...
PT-2022-16872 · Unknown · Grpc Swift
Name of the Vulnerable Software and Affected Versions: grpc-swift versions prior to 1.7.2. Description: The issue is a denial of service attack via a reachable assertion, caused by incorrect logic when handling GOAWAY frames. This attack requires minimal resources to construct and send the require...
gRPC Swift Resource Management Error Vulnerability
gRPC Swift is the open source Swift language implementation of gRPC, which includes a gRPC Swift API and code generator. The API and generated code are provided for gRPC clients and servers and can be built using Xcode or the Swift Package Manager. gRPC Swift contains a security vulnerability...
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was...
Vapor Path Traversal Vulnerability
Vapor is a Swift web development framework for individual developers. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu systems. A security vulnerability exists in versions of Vapor prior to 4.29.4, which can be exploited by an attacker to access data in ...
Kitura Information Disclosure Vulnerability
Kitura is a set of Web frameworks and Web servers based on the Swift language. A security vulnerability exists in Kitura 2.3.0 and earlier versions. The vulnerability can be exploited by an attacker to access unauthorized files or folders with the help of a specially crafted URL, resulting in...
Apple Xcode Swift Integer Overflow Vulnerability
Apple Xcode is a set of integrated development environments provided to developers by Apple, Inc. that are primarily used to develop applications for Mac OS X and iOS. Swift is a programming language used to develop Mac OS X and iOS applications. An integer overflow vulnerability exists in the...