GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
24 advisories
Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
Moderate
CVE-2026-49401
was published
for
deno
(Rust)
Jun 16, 2026
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
High
CVE-2026-45135
was published
for
github.com/caddyserver/caddy/v2
(Go)
May 18, 2026
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
High
CVE-2026-45062
was published
for
github.com/dunglas/frankenphp
(Go)
May 15, 2026
protobufjs has overlong UTF-8 decoding
Moderate
CVE-2026-44288
was published
for
@protobufjs/utf8
(npm)
May 12, 2026
OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists
Moderate
GHSA-392f-ggf5-fp3c
was published
for
openclaw
(npm)
Mar 2, 2026
Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
Moderate
CVE-2026-25480
was published
for
litestar
(pip)
Feb 9, 2026
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
High
CVE-2026-23950
was published
for
tar
(npm)
Jan 21, 2026
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Moderate
CVE-2023-52081
was published
for
github.com/ewen-lbh/ffcss
(Go)
Dec 28, 2023
Ciphertext Malleability Issue in Tink Java
Moderate
CVE-2020-8929
was published
for
com.google.crypto.tink:tink
(Maven)
Oct 16, 2020
ProTip!
Advisories are also available from the
GraphQL API