Send an e-mail to security@signalwire.com to report a vulnerability. If accepted, we'll create a security advisory and add you and your team as collaborators. Please allow our team sufficient time to resolve the vulnerability before disclosing it; we'll remain in contact about the fix and may ask for your assistance to verify it is resolved.
Security: signalwire/freeswitch
Security
SECURITY.md
-
Pre-authentication `userVariables` injection in `mod_verto`.GHSA-j38x-xm7f-9p2f published
Jun 3, 2026 by andywolkModerate -
Stack overflow in bundled cJSON parser via deeply nested JSON.GHSA-2v74-pcgh-75wg published
Jun 3, 2026 by andywolkHigh -
Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`.GHSA-9457-fxr9-x78m published
Jun 3, 2026 by andywolkModerate -
Pre-authentication bandwidth amplification via `mod_verto` speed-test frames.GHSA-p3gx-p2w7-wp35 published
Jun 3, 2026 by andywolkHigh -
Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read.GHSA-wfrq-qvg2-f88f published
Jun 3, 2026 by andywolkCritical -
Pre-authentication heap buffer overflow in libesl `Content-Length` parsing.GHSA-g597-9fgg-ghg9 published
Jun 3, 2026 by andywolkCritical -
Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity ExpansionGHSA-5vjg-pv56-vg4c published
May 14, 2026 by andywolkHigh -
FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpatGHSA-4jm3-xpcm-mwwq published
Jun 3, 2026 by andywolkModerate -
Out-of-bounds memory access in core STUN attribute parsingGHSA-9j6h-hc95-q926 published
Jun 3, 2026 by andywolkHigh -
FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiationGHSA-39gv-hq72-j6m6 published
Dec 23, 2023 by andywolkHigh
Learn more about advisories related to signalwire/freeswitch in the GitHub Advisory Database