Browse all 11 CVE security advisories affecting vapor. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Vapor is a web framework for Swift used to build server-side applications. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. While no major public incidents have been widely documented, the 11 CVEs highlight ongoing security concerns, particularly in components like routing and template rendering. Developers should implement strict input sanitization and keep dependencies updated to mitigate risks. The framework's rapid evolution occasionally introduces new attack surfaces, requiring continuous security assessments to maintain robust protection against emerging threats.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-21631 | Integer overflow in URI leading to potential host spoofing — vaporCWE-20 | 6.5 | Medium | 2024-01-03 |
| CVE-2023-44386 | Incorrect request error handling triggers server crash in Vapor — vaporCWE-231 | 5.3 | Medium | 2023-10-05 |
| CVE-2022-31019 | DoS Vulnerability in URLEncodedFormDecoder in Vapor — vaporCWE-120 | 7.5 | High | 2022-06-06 |
| CVE-2022-31005 | Integer Overflow in Vapor's HTTP Range Request — vaporCWE-190 | 7.5 | High | 2022-05-31 |
| CVE-2021-32742 | Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash — vaporCWE-502 | 7.5 | High | 2021-07-09 |
| CVE-2021-21328 | Denial of Service — vaporCWE-400 | 5.3 | Medium | 2021-02-26 |
| CVE-2020-15230 | Arbitrary file read un Vapor — vaporCWE-22 | 8.5 | High | 2020-10-02 |
This page lists every published CVE security advisory associated with vapor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.