Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

181 advisories

Loading
Wasmtime: Memory leak in C API with `externref` and `anyref` types Low
CVE-2025-61670 was published for wasmtime-bin (pip) Jul 14, 2026
alexcrichton Credited to alexcrichton
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path Low
GHSA-cwv4-h3j5-w3cf was published for rama (Rust) Jul 7, 2026
chaitanyagarware Credited to chaitanyagarware
cut: -s ignored in -z -d '' newline-delimiter mode Low
CVE-2026-35381 was published for uu_cut (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility Low
GHSA-532v-xp3f-837c was published for coreutils (Rust) Apr 22, 2026 withdrawn
mknod: Device nodes created mislabeled on SELinux, with broken cleanup (remove_dir on a node) Low
CVE-2026-35361 was published for uu_mknod (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Improper Preservation of Permissions issue Low
GHSA-79rc-qpw3-jv92 was published for coreutils (Rust) Apr 22, 2026 withdrawn
uucore: safe_traversal TOCTOU protection only enabled on Linux Low
CVE-2026-35362 was published for uucore (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Low
GHSA-ggc5-46rg-mr4v was published for coreutils (Rust) Apr 22, 2026 withdrawn
mkdir: -m exposes directory with umask perms before chmod (race window) Low
CVE-2026-35353 was published for uu_mkdir (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Low
GHSA-vf87-345h-9qhx was published for coreutils (Rust) Apr 22, 2026 withdrawn
id: pretty-print uses effective GID instead of effective UID for name lookup Low
CVE-2026-35371 was published for uu_id (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils's User Interface (UI) Misrepresents Critical Information Low
GHSA-53gr-wmf4-8hh3 was published for coreutils (Rust) Apr 22, 2026 withdrawn
cut: -s (only-delimited) ignored when delimiter is a newline Low
CVE-2026-35343 was published for uu_cut (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Issue With its Always-Incorrect Control Flow Implementation Low
GHSA-hj9r-8pfm-rmjj was published for coreutils (Rust) Apr 22, 2026 withdrawn
ln: rejects non-UTF-8 source filenames in target-directory mode Low
CVE-2026-35373 was published for uu_ln (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
GHSA-xh5h-p8c5-4w4x was published for coreutils (Rust) Apr 22, 2026 withdrawn
comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output Low
CVE-2026-35346 was published for uu_comm (Rust) Jul 6, 2026
Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines Low
GHSA-hwhf-8p2f-45wr was published for coreutils (Rust) Apr 22, 2026 withdrawn
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp Low
CVE-2026-35342 was published for uu_mktemp (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable Low
GHSA-2cxp-xq3c-mjxx was published for coreutils (Rust) Apr 22, 2026 withdrawn
Zebra has pre-handshake buffer capacity reservation based on attacker-claimed body length Low
GHSA-h72h-ppcx-998p was published for zebra-network (Rust) Jul 2, 2026
ouicate Credited to ouicate and oxarbitrage oxarbitrage oxarbitrage
zebrad vulnerable to getblocks/getheaders locator CPU amplification via uncapped vector length Low
GHSA-443g-gwgp-49x4 was published for zebra-chain (Rust) Jul 2, 2026
dingledropper Credited to dingledropper, mpguerra, and oxarbitrage mpguerra mpguerra
oxarbitrage oxarbitrage
Cargo can be coerced to share credentials between registries Low
CVE-2026-5222 was published for cargo (Rust) Jun 26, 2026
christos-spearbit Credited to christos-spearbit, arlosi, weihanglo, ehuss, emilyalbini, cuviper, and Manishearth arlosi arlosi
weihanglo weihanglo ehuss ehuss emilyalbini emilyalbini cuviper cuviper Manishearth Manishearth
fixurjavainstall: Previous Fuji versions can accidentally wipe `/usr/share/man/man8` Low
GHSA-fq3w-p4fg-mw73 was published for fixurjavainstall (Rust) Jun 25, 2026
EpicVon2468 Credited to EpicVon2468
sudo-rs Session File Relative Path Traversal vulnerability Low
CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
rnijveld Credited to rnijveld and squell squell squell
ProTip! Advisories are also available from the GraphQL API