PocketMine-MP vulnerable to denial-of-service by sending large modal form responses

Affected version: <4.12.5

Reported by:
GitHub

PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash

Affected version: <4.8.1

Reported by:
GitHub

PocketMine-MP invalid skin geometry JSON data leading to server crash

Affected version: <4.7.2

Reported by:
GitHub