| Title |
Severity |
Exploit |
Date |
Affected Version |
|
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
|
High
|
|
Sep 2, 2025
|
< 5.32.1
|
|
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode()
|
Medium
|
|
Mar 10, 2025
|
< 5.25.2
|
|
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
|
High
|
|
Mar 6, 2024
|
< 5.11.1
|
|
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
|
High
|
|
Mar 6, 2024
|
< 5.11.2
|
|
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
|
High
|
|
Sep 14, 2023
|
>= 5.0.0 < 5.3.1
< 4.23.1
|
|
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash
|
High
|
|
Jun 6, 2023
|
< 4.18.1
|
|
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
|
High
|
|
Jun 6, 2023
|
< 4.20.5
>= 4.21.0 < 4.21.1
|
|
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
|
Medium
|
|
Jun 1, 2023
|
< 4.18.0-ALPHA2
|
|
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses
|
Medium
|
|
Jan 10, 2023
|
< 4.12.5
|
|
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
|
High
|
|
Jan 9, 2023
|
< 4.8.1
|
pocketmine / pocketmine-mp