8 matches found
Use of Weak Hash
Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Use of Weak Hash in the Template.savepilimage function in swift/template/base.py. An attacker can exploit a weakness in cache key integrity to tamper with the...
jose-swift has JWT Signature Verification Bypass via None Algorithm
Summary An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling...
AWS SDK for Swift adopted defense in depth enhancement for region parameter value
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
AWS SDK for Swift adopted defense in depth enhancement for region parameter value
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
Asymmetric Resource Consumption (Amplification)
Overview apple/swift-nio-http2 provides HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) due to the handling of HTTP/2 connections. An attacker can cause resource exhaustion by interleaving malicious traffic with legitimate...
scepter (>=1.1.0 <=1.4.1) potentially affected by CVE-2025-50460 via ms-swift (=3.10.3)
ms-swift PyPI version =3.10.3 is affected by a known vulnerability. The following packages have a transitive dependency on ms-swift and may be impacted: - scepter >=1.1.0, <=1.4.1 Source CVEs: CVE-2025-50460 Source advisory: SNYK:PYTHON-MSSWIFT-11502368...
Improper Handling of Syntactically Invalid Structure
Overview Affected versions of this package are vulnerable to Improper Handling of Syntactically Invalid Structure due to the parsing process. An attacker can cause the application to crash by sending specially crafted BER/DER data. Remediation Upgrade swift-asn1 to version 1.3.1 or higher...
grpc security vulnerability
grpc is a Cloud Native Computing Foundation codebase for rpc connectivity applications. A security vulnerability exists in grpc-swift versions prior to 1.7.2, which stems from incorrect logic when handling GOAWAY frames...