Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

570 advisories

Loading
Lechu69 Credited to Lechu69
Rattler vulnerable to package cache path traversal via conda package build string Moderate
CVE-2026-53956 was published for py_rattler (pip) Jul 9, 2026
OneRingBuf has a Use After Free Vulnerability Moderate
GHSA-q95x-7g78-rccv was published for oneringbuf (Rust) Jul 8, 2026
async-tar PAX extension-header desync enables tar entry/content smuggling Moderate
CVE-2026-53600 was published for async-tar (Rust) Jul 8, 2026
tonghuaroot Credited to tonghuaroot
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort) Moderate
CVE-2026-53531 was published for ratex-parser (Rust) Jul 7, 2026
nikkoenggaliano Credited to nikkoenggaliano
printenv: environment variables with invalid UTF-8 are silently skipped (evades inspection) Moderate
CVE-2026-35366 was published for uu_printenv (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Improper Check for Unusual or Exceptional Conditions Moderate
GHSA-7259-cwhx-3xx3 was published for coreutils (Rust) Apr 22, 2026 withdrawn
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication) Moderate
CVE-2026-35365 was published for uu_mv (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Link Following issue Moderate
GHSA-66fx-fqv6-5wwx was published for coreutils (Rust) Apr 22, 2026 withdrawn
cp: -R reads device nodes as streams, destroying device semantics Moderate
CVE-2026-35358 was published for uu_cp (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils Uses Incorrectly-Resolved Name or Reference Moderate
GHSA-67hp-f6hq-2h6g was published for coreutils (Rust) Apr 22, 2026 withdrawn
Duplicate Advisory: uutils coreutils has a Path Traversal issue Moderate
GHSA-vchc-9ggh-3236 was published for coreutils (Rust) Apr 22, 2026 withdrawn
comm: FIFO/pipe inputs are drained before comparison (data loss / hang) Moderate
CVE-2026-35347 was published for uu_comm (Rust) Jul 6, 2026
id: groups= computed from real GID instead of effective GID Moderate
CVE-2026-35370 was published for uu_id (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Incorrect Authorization issue Moderate
GHSA-q94g-3gcf-66x7 was published for coreutils (Rust) Apr 22, 2026 withdrawn
rm: --preserve-root bypassed via a symlink to / (string check instead of dev/inode) Moderate
CVE-2026-35349 was published for uu_rm (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Link Following Issue Via rm Utility Moderate
GHSA-v762-x3cf-5mfg was published for coreutils (Rust) Apr 22, 2026 withdrawn
kill: 'kill -1' parsed as PID -1, sending SIGTERM to all processes (system crash / DoS) Moderate
CVE-2026-35369 was published for uu_kill (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has an Improper Input Validation issue Moderate
GHSA-gpcg-h6x2-c26p was published for coreutils (Rust) Apr 22, 2026 withdrawn
install -D: symlink race in directory creation allows arbitrary file overwrite Moderate
CVE-2026-35356 was published for uu_install (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition Moderate
GHSA-m26v-hjq3-x245 was published for coreutils (Rust) Apr 22, 2026 withdrawn
install: TOCTOU symlink race (unlink-then-create without O_EXCL) allows arbitrary file overwrite Moderate
CVE-2026-35355 was published for uu_install (Rust) Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition Moderate
GHSA-v24v-f45g-w7jf was published for coreutils (Rust) Apr 22, 2026 withdrawn
ProTip! Advisories are also available from the GraphQL API