Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

180 advisories

Loading
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path Low
GHSA-cwv4-h3j5-w3cf was published for rama (Rust) Jul 7, 2026
chaitanyagarware Credited to chaitanyagarware
cut: -s ignored in -z -d '' newline-delimiter mode Low
CVE-2026-35381 was published for uu_cut (Rust) Jul 6, 2026
mknod: Device nodes created mislabeled on SELinux, with broken cleanup (remove_dir on a node) Low
CVE-2026-35361 was published for uu_mknod (Rust) Jul 6, 2026
uucore: safe_traversal TOCTOU protection only enabled on Linux Low
CVE-2026-35362 was published for uucore (Rust) Jul 6, 2026
mkdir: -m exposes directory with umask perms before chmod (race window) Low
CVE-2026-35353 was published for uu_mkdir (Rust) Jul 6, 2026
id: pretty-print uses effective GID instead of effective UID for name lookup Low
CVE-2026-35371 was published for uu_id (Rust) Jul 6, 2026
cut: -s (only-delimited) ignored when delimiter is a newline Low
CVE-2026-35343 was published for uu_cut (Rust) Jul 6, 2026
ln: rejects non-UTF-8 source filenames in target-directory mode Low
CVE-2026-35373 was published for uu_ln (Rust) Jul 6, 2026
comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output Low
CVE-2026-35346 was published for uu_comm (Rust) Jul 6, 2026
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp Low
CVE-2026-35342 was published for uu_mktemp (Rust) Jul 6, 2026
Zebra has pre-handshake buffer capacity reservation based on attacker-claimed body length Low
GHSA-h72h-ppcx-998p was published for zebra-network (Rust) Jul 2, 2026
ouicate Credited to ouicate and oxarbitrage oxarbitrage oxarbitrage
zebrad vulnerable to getblocks/getheaders locator CPU amplification via uncapped vector length Low
GHSA-443g-gwgp-49x4 was published for zebra-chain (Rust) Jul 2, 2026
dingledropper Credited to dingledropper, mpguerra, and oxarbitrage mpguerra mpguerra
oxarbitrage oxarbitrage
Cargo can be coerced to share credentials between registries Low
CVE-2026-5222 was published for cargo (Rust) Jun 26, 2026
christos-spearbit Credited to christos-spearbit, arlosi, weihanglo, ehuss, emilyalbini, cuviper, and Manishearth arlosi arlosi
weihanglo weihanglo ehuss ehuss emilyalbini emilyalbini cuviper cuviper Manishearth Manishearth
fixurjavainstall: Previous Fuji versions can accidentally wipe `/usr/share/man/man8` Low
GHSA-fq3w-p4fg-mw73 was published for fixurjavainstall (Rust) Jun 25, 2026
EpicVon2468 Credited to EpicVon2468
diesel-async may expose uninitialized padding bytes for MySQL temporal columns Low
GHSA-ff9q-rm55-q7qr was published for diesel-async (Rust) May 7, 2026
paolobarbolini Credited to paolobarbolini
Kanidm has non-constant-time comparison of OAuth2 client_secret Low
GHSA-53hj-r94p-8c8f was published for kanidm (Rust) May 6, 2026
mbarbero Credited to mbarbero
webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible when subdomains are allowed Low
GHSA-22w3-693w-x895 was published for webauthn-authenticator-rs (Rust) May 6, 2026
dorakemon Credited to dorakemon
rpassword affected by partial password reveal when input is interrupted Low
GHSA-2p6r-x3vv-xqm2 was published for rpassword (Rust) May 6, 2026
DevLaTron Credited to DevLaTron and squell squell squell
astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks Low
GHSA-xx64-wwv2-hcqq was published for astral-tokio-tar (Rust) May 6, 2026
LawnGnome Credited to LawnGnome and woodruffw woodruffw woodruffw
sequoia-git has broken hard revocation handling Low
GHSA-g27r-r6ph-vf5r was published for sequoia-git (Rust) May 4, 2026
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch Low
CVE-2026-34067 was published for nimiq-transaction (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
Duplicate Advisory: uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
GHSA-xh5h-p8c5-4w4x was published for coreutils (Rust) Apr 22, 2026 withdrawn
Duplicate Advisory: uutils coreutils's User Interface (UI) Misrepresents Critical Information Low
GHSA-53gr-wmf4-8hh3 was published for coreutils (Rust) Apr 22, 2026 withdrawn
Duplicate Advisory: uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility Low
GHSA-532v-xp3f-837c was published for coreutils (Rust) Apr 22, 2026 withdrawn
ProTip! Advisories are also available from the GraphQL API