Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Loading
Ciphertext Malleability Issue in Tink Java Moderate
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian Credited to reteptilian
ewen-lbh/ffcss Late-Unicode normalization vulnerability Moderate
CVE-2023-52081 was published for github.com/ewen-lbh/ffcss (Go) Dec 28, 2023
Sim4n6 Credited to Sim4n6
tomasilluminati Credited to tomasilluminati, ssushant0011, and urielcos ssushant0011 ssushant0011
urielcos urielcos
Sirdorblu Credited to Sirdorblu
OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists Moderate
GHSA-392f-ggf5-fp3c was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines Low
GHSA-hwhf-8p2f-45wr was published for coreutils (Rust) Apr 22, 2026 withdrawn
Duplicate Advisory: uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
GHSA-xh5h-p8c5-4w4x was published for coreutils (Rust) Apr 22, 2026 withdrawn
uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
CVE-2026-35375 was published for coreutils (Rust) Apr 22, 2026
protobufjs has overlong UTF-8 decoding Moderate
CVE-2026-44288 was published for @protobufjs/utf8 (npm) May 12, 2026
Xvush Credited to Xvush and dcodeIO dcodeIO dcodeIO
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files High
CVE-2026-45062 was published for github.com/dunglas/frankenphp (Go) May 15, 2026
KC1zs4 Credited to KC1zs4, chenjj, and dunglas chenjj chenjj
dunglas dunglas
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files High
CVE-2026-45135 was published for github.com/caddyserver/caddy/v2 (Go) May 18, 2026
dunglas Credited to dunglas, KC1zs4, and chenjj KC1zs4 KC1zs4
chenjj chenjj
Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS) Moderate
CVE-2026-49401 was published for deno (Rust) Jun 16, 2026
tomasilluminati Credited to tomasilluminati
comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output Low
CVE-2026-35346 was published for uu_comm (Rust) Jul 6, 2026
ln: rejects non-UTF-8 source filenames in target-directory mode Low
CVE-2026-35373 was published for uu_ln (Rust) Jul 6, 2026
ProTip! Advisories are also available from the GraphQL API