[HIGH] PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking

PKSA-gsjv-vrbx-n6br GHSA-fqqv-56h5-f57g

Affected version: <5.32.1

Reported by:
GitHub

[MEDIUM] PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode()

PKSA-1y47-vhgh-zq2y GHSA-g274-c6jj-h78p

Affected version: <5.25.2

Reported by:
GitHub

[HIGH] PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)

PKSA-7cft-g1hs-ddc8 GHSA-h6j3-j35f-v2x7

Affected version: <5.11.1

Reported by:
GitHub

[HIGH] PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid

PKSA-krv9-c6mg-smc2 GHSA-xc7j-wj36-qjfr

Affected version: <5.11.2

Reported by:
GitHub

[HIGH] PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)

PKSA-nv2r-zxzd-wzsw GHSA-92jh-gwch-jq38

Affected version: <=4.23.0|>=5.0.0,<=5.3.0

Reported by:
GitHub

[HIGH] PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket

PKSA-w66x-n614-p3z6 GHSA-7wrv-6h42-w54f

Affected version: >=5.0.0,<5.2.1|>=4.20.0,<4.22.3

Reported by:
GitHub