Browse all 11 CVE security advisories affecting vapor. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Vapor is a web framework for Swift used to build server-side applications. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. While no major public incidents have been widely documented, the 11 CVEs highlight ongoing security concerns, particularly in components like routing and template rendering. Developers should implement strict input sanitization and keep dependencies updated to mitigate risks. The framework's rapid evolution occasionally introduces new attack surfaces, requiring continuous security assessments to maintain robust protection against emerging threats.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28499 | LeafKit's HTML escaping may be skipped for Collection values, enabling XSS — leaf-kitCWE-79 | 6.1 | - | 2026-03-18 |
| CVE-2026-27120 | Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster — leaf-kitCWE-75 | 6.1 | Medium | 2026-02-20 |
| CVE-2021-37634 | LeafKit allows XSS with untrusted user input — leaf-kitCWE-79 | 7.4 | High | 2021-08-09 |
This page lists every published CVE security advisory associated with vapor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.