GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Ciphertext Malleability Issue in Tink Java
Moderate
CVE-2020-8929
was published
for
com.google.crypto.tink:tink
(Maven)
Oct 16, 2020
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Moderate
CVE-2023-52081
was published
for
github.com/ewen-lbh/ffcss
(Go)
Dec 28, 2023
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
High
CVE-2026-23950
was published
for
tar
(npm)
Jan 21, 2026
Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
Moderate
CVE-2026-25480
was published
for
litestar
(pip)
Feb 9, 2026
OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists
Moderate
GHSA-392f-ggf5-fp3c
was published
for
openclaw
(npm)
Mar 2, 2026
Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines
Low
GHSA-hwhf-8p2f-45wr
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
Duplicate Advisory: uutils coreutils has an Improper Handling of Unicode Encoding Issue
Low
GHSA-xh5h-p8c5-4w4x
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
uutils coreutils has an Improper Handling of Unicode Encoding Issue
Low
CVE-2026-35375
was published
for
coreutils
(Rust)
Apr 22, 2026
protobufjs has overlong UTF-8 decoding
Moderate
CVE-2026-44288
was published
for
@protobufjs/utf8
(npm)
May 12, 2026
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
High
CVE-2026-45062
was published
for
github.com/dunglas/frankenphp
(Go)
May 15, 2026
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
High
CVE-2026-45135
was published
for
github.com/caddyserver/caddy/v2
(Go)
May 18, 2026
Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
Moderate
CVE-2026-49401
was published
for
deno
(Rust)
Jun 16, 2026
comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output
Low
CVE-2026-35346
was published
for
uu_comm
(Rust)
Jul 6, 2026
ln: rejects non-UTF-8 source filenames in target-directory mode
Low
CVE-2026-35373
was published
for
uu_ln
(Rust)
Jul 6, 2026
ProTip!
Advisories are also available from the
GraphQL API