GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
181 advisories
Filter by severity
Wasmtime: Memory leak in C API with `externref` and `anyref` types
Low
CVE-2025-61670
was published
for
wasmtime-bin
(pip)
Jul 14, 2026
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path
Low
GHSA-cwv4-h3j5-w3cf
was published
for
rama
(Rust)
Jul 7, 2026
cut: -s ignored in -z -d '' newline-delimiter mode
Low
CVE-2026-35381
was published
for
uu_cut
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility
Low
GHSA-532v-xp3f-837c
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
mknod: Device nodes created mislabeled on SELinux, with broken cleanup (remove_dir on a node)
Low
CVE-2026-35361
was published
for
uu_mknod
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Improper Preservation of Permissions issue
Low
GHSA-79rc-qpw3-jv92
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
uucore: safe_traversal TOCTOU protection only enabled on Linux
Low
CVE-2026-35362
was published
for
uucore
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Low
GHSA-ggc5-46rg-mr4v
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
mkdir: -m exposes directory with umask perms before chmod (race window)
Low
CVE-2026-35353
was published
for
uu_mkdir
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Low
GHSA-vf87-345h-9qhx
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
id: pretty-print uses effective GID instead of effective UID for name lookup
Low
CVE-2026-35371
was published
for
uu_id
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils's User Interface (UI) Misrepresents Critical Information
Low
GHSA-53gr-wmf4-8hh3
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
cut: -s (only-delimited) ignored when delimiter is a newline
Low
CVE-2026-35343
was published
for
uu_cut
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Issue With its Always-Incorrect Control Flow Implementation
Low
GHSA-hj9r-8pfm-rmjj
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
ln: rejects non-UTF-8 source filenames in target-directory mode
Low
CVE-2026-35373
was published
for
uu_ln
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Improper Handling of Unicode Encoding Issue
Low
GHSA-xh5h-p8c5-4w4x
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output
Low
CVE-2026-35346
was published
for
uu_comm
(Rust)
Jul 6, 2026
Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines
Low
GHSA-hwhf-8p2f-45wr
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp
Low
CVE-2026-35342
was published
for
uu_mktemp
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable
Low
GHSA-2cxp-xq3c-mjxx
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
Zebra has pre-handshake buffer capacity reservation based on attacker-claimed body length
Low
GHSA-h72h-ppcx-998p
was published
for
zebra-network
(Rust)
Jul 2, 2026
zebrad vulnerable to getblocks/getheaders locator CPU amplification via uncapped vector length
Low
GHSA-443g-gwgp-49x4
was published
for
zebra-chain
(Rust)
Jul 2, 2026
Cargo can be coerced to share credentials between registries
Low
CVE-2026-5222
was published
for
cargo
(Rust)
Jun 26, 2026
fixurjavainstall: Previous Fuji versions can accidentally wipe `/usr/share/man/man8`
Low
GHSA-fq3w-p4fg-mw73
was published
for
fixurjavainstall
(Rust)
Jun 25, 2026
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
ProTip!
Advisories are also available from the
GraphQL API