diff --git a/src/EmoteListPacket.php b/src/EmoteListPacket.php
index 3c7e91f3..3b669edd 100644
--- a/src/EmoteListPacket.php
+++ b/src/EmoteListPacket.php
@@ -44,7 +44,14 @@ public function getEmoteIds() : array{ return $this->emoteIds; }
 protected function decodePayload(PacketSerializer $in) : void{
 $this->playerActorRuntimeId = $in->getActorRuntimeId();
 $this->emoteIds = [];
- for($i = 0, $len = $in->getUnsignedVarInt(); $i < $len; ++$i){
+ $len = $in->getUnsignedVarInt();
+
+ // While EmoteListPacket doesn't really freeze the server, its abusing can increase server load by 10-20%
+ if($len > 100){
+ throw new PacketDecodeException("Too many emote ids");
+ }
+
+ for($i = 0; $i < $len; ++$i){
 $this->emoteIds[] = $in->getUUID();
 }
 }
diff --git a/src/PurchaseReceiptPacket.php b/src/PurchaseReceiptPacket.php
index e6166c3b..c39892a7 100644
--- a/src/PurchaseReceiptPacket.php
+++ b/src/PurchaseReceiptPacket.php
@@ -35,6 +35,11 @@ public static function create(array $entries) : self{
 protected function decodePayload(PacketSerializer $in) : void{
 $count = $in->getUnsignedVarInt();
+
+ if($count > 50) {
+ throw new PacketDecodeException("Too many entries");
+ }
+
 for($i = 0; $i < $count; ++$i){
 $this->entries[] = $in->getString();
 }
diff --git a/src/ResourcePackClientResponsePacket.php b/src/ResourcePackClientResponsePacket.php
index 099a9059..0e02cafe 100644
--- a/src/ResourcePackClientResponsePacket.php
+++ b/src/ResourcePackClientResponsePacket.php
@@ -43,6 +43,9 @@ public static function create(int $status, array $packIds) : self{
 protected function decodePayload(PacketSerializer $in) : void{
 $this->status = $in->getByte();
 $entryCount = $in->getLShort();
+ if($entryCount > 100) {
+ throw new PacketDecodeException("Too many pack ids");
+ }
 $this->packIds = [];
 while($entryCount-- > 0){
 $this->packIds[] = $in->getString();
diff --git a/src/TextPacket.php b/src/TextPacket.php
index ceae96ca..de2aea4a 100644
--- a/src/TextPacket.php
+++ b/src/TextPacket.php
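Review bot: In `EmoteListPacket::decodePayload()` the cap is the bare literal `100`, and the comment explains the load concern but not why 100 is the right ceiling; the `50`, `100` and `20` limits in the PurchaseReceiptPacket, ResourcePackClientResponsePacket and TextPacket hunks are likewise unnamed and carry no comment at all. I would name each limit, e.g. `private const MAX_EMOTE_IDS = 100;` with `if($len > self::MAX_EMOTE_IDS){`, and reword the comment to `// Not a server freeze, but an oversized list can raise server load by 10-20%, so reject it before the read loop.` Putting the received count in the message, `"Too many emote ids: $len"`, would also let whoever reads the decode-error log tell an abusive client from a limit that is too tight for real traffic.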
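Review bot: The new check in `PurchaseReceiptPacket::decodePayload()` bounds how many entries are read but not how large each one is: every iteration still calls `$in->getString()`, which presumably takes its length from the packet itself. The same holds for the pack ids in the ResourcePackClientResponsePacket hunk and the parameters in the TextPacket hunk. If the serializer or an outer packet-size limit already caps string length (not visible in this diff), a comment such as `// count is capped here; per-entry length is bounded by <where the size limit lives>` would record that assumption. Otherwise a per-entry length check inside the loop is needed before the count cap really bounds memory per packet.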
@@ -118,6 +118,11 @@ protected function decodePayload(PacketSerializer $in) : void{
 case self::TYPE_JUKEBOX_POPUP:
 $this->message = $in->getString();
 $count = $in->getUnsignedVarInt();
+
+ if($count > 20) {
+ throw new PacketDecodeException("Too many parameters");
+ }
+
 for($i = 0; $i < $count; ++$i){
 $this->parameters[] = $in->getString();
 }