Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26 advisories

Loading
ln: rejects non-UTF-8 source filenames in target-directory mode Low
CVE-2026-35373 was published for uu_ln (Rust) Jul 6, 2026
comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output Low
CVE-2026-35346 was published for uu_comm (Rust) Jul 6, 2026
Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS) Moderate
CVE-2026-49401 was published for deno (Rust) Jun 16, 2026
tomasilluminati Credited to tomasilluminati
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files High
CVE-2026-45135 was published for github.com/caddyserver/caddy/v2 (Go) May 18, 2026
dunglas Credited to dunglas, KC1zs4, and chenjj KC1zs4 KC1zs4
chenjj chenjj
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files High
CVE-2026-45062 was published for github.com/dunglas/frankenphp (Go) May 15, 2026
KC1zs4 Credited to KC1zs4, chenjj, and dunglas chenjj chenjj
dunglas dunglas
protobufjs has overlong UTF-8 decoding Moderate
CVE-2026-44288 was published for @protobufjs/utf8 (npm) May 12, 2026
Xvush Credited to Xvush and dcodeIO dcodeIO dcodeIO
Duplicate Advisory: uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
GHSA-xh5h-p8c5-4w4x was published for coreutils (Rust) Apr 22, 2026 withdrawn
uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
CVE-2026-35375 was published for coreutils (Rust) Apr 22, 2026
Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines Low
GHSA-hwhf-8p2f-45wr was published for coreutils (Rust) Apr 22, 2026 withdrawn
OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists Moderate
GHSA-392f-ggf5-fp3c was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
Sirdorblu Credited to Sirdorblu
tomasilluminati Credited to tomasilluminati, ssushant0011, and urielcos ssushant0011 ssushant0011
urielcos urielcos
ewen-lbh/ffcss Late-Unicode normalization vulnerability Moderate
CVE-2023-52081 was published for github.com/ewen-lbh/ffcss (Go) Dec 28, 2023
Sim4n6 Credited to Sim4n6
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering... Moderate Unreviewed
CVE-2023-31169 was published Aug 31, 2023
ProTip! Advisories are also available from the GraphQL API