GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6 advisories
markdown2 is vulnerable to cross-site scripting
Moderate
CVE-2018-5773
was published
for
markdown2
(pip)
Jul 12, 2018
uv allows ZIP payload obfuscation through parsing differentials
Moderate
CVE-2025-54368
was published
for
uv
(pip)
Aug 7, 2025
astral-tokio-tar has a path traversal in tar extraction
Moderate
CVE-2025-59825
was published
for
astral-tokio-tar
(Rust)
Sep 23, 2025
uv allows ZIP payload obfuscation through parsing differentials
Moderate
GHSA-pqhf-p39g-3x64
was published
for
uv
(pip)
Oct 29, 2025
astral-tokio-tar insufficiently validates PAX extensions during extraction
Moderate
CVE-2026-32766
was published
for
astral-tokio-tar
(Rust)
Mar 17, 2026
tar-rs incorrectly ignores PAX size headers if header size is nonzero
Moderate
CVE-2026-33055
was published
for
tar
(Rust)
Mar 20, 2026
ProTip!
Advisories are also available from the
GraphQL API