| Title |
Severity |
Exploit |
Date |
Affected Version |
|
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
|
High
|
|
Sep 2, 2025
|
< 5.32.1
|
|
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode()
|
Medium
|
|
Mar 10, 2025
|
< 5.25.2
|
|
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
|
High
|
|
Mar 6, 2024
|
< 5.11.1
|
|
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
|
High
|
|
Mar 6, 2024
|
< 5.11.2
|
|
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
|
High
|
|
Sep 14, 2023
|
>= 5.0.0 < 5.3.1
< 4.23.1
|
|
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
|
High
|
|
Sep 14, 2023
|
>= 5.2.0 < 5.3.1
|
|
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket
|
High
|
|
Jul 14, 2023
|
>= 4.20.0 < 4.22.3
>= 5.0.0 < 5.2.1
|
|
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash
|
High
|
|
Jun 6, 2023
|
< 4.18.1
|
|
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
|
High
|
|
Jun 6, 2023
|
< 4.20.5
>= 4.21.0 < 4.21.1
|
|
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
|
Medium
|
|
Jun 1, 2023
|
< 4.18.0-ALPHA2
|
pocketmine / pocketmine-mp