Security: uutils/coreutils
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
cut: -s ignored in -z -d '' newline-delimiter modeGHSA-pmfc-4wjj-gmhx published
May 30, 2026 by sylvestreLow -
ln: rejects non-UTF-8 source filenames in target-directory modeGHSA-jcjr-rh8q-7xqf published
May 30, 2026 by sylvestreLow -
id: pretty-print uses effective GID instead of effective UID for name lookupGHSA-xv5w-cw7x-72gj published
May 30, 2026 by sylvestreModerate -
id: groups= computed from real GID instead of effective GIDGHSA-47c7-qrm7-mqw7 published
May 30, 2026 by sylvestreModerate -
printenv: environment variables with invalid UTF-8 are silently skipped (evades inspection)GHSA-p7h3-7q52-72w8 published
May 30, 2026 by sylvestreModerate -
uucore: safe_traversal TOCTOU protection only enabled on LinuxGHSA-w6xc-g9qj-vp32 published
May 30, 2026 by sylvestreLow -
cp: -R reads device nodes as streams, destroying device semanticsGHSA-8vrf-r662-2w2v published
May 30, 2026 by sylvestreModerate -
mkdir: -m exposes directory with umask perms before chmod (race window)GHSA-mj6p-44ch-cq69 published
May 30, 2026 by sylvestreLow -
comm: FIFO/pipe inputs are drained before comparison (data loss / hang)GHSA-3wfc-mgpm-9rq6 published
May 30, 2026 by sylvestreLow -
comm: lossy UTF-8 conversion silently corrupts non-UTF-8 outputGHSA-6gcw-w7cp-94g9 published
May 30, 2026 by sylvestreModerate