Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,272
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,521
Pub
12
RubyGems
1,007
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

165 advisories

Loading
Ella Core panics on malformed ULNASTransport Message without a Request Type Moderate
CVE-2026-33283 was published for github.com/ellanetworks/core (Go) Mar 19, 2026
p1-aji Credited to p1-aji
Ella Core panics on malformed NGAP Location Report High
CVE-2026-33282 was published for github.com/ellanetworks/core (Go) Mar 19, 2026
p1-aji Credited to p1-aji
free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference High
CVE-2026-33064 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion High
CVE-2026-33063 was published for github.com/free5gc/ausf (Go) Mar 18, 2026
Traefik: HTTP/2 frames can cause a running server to panic High
GHSA-4hjq-9h5c-252j was published for github.com/traefik/traefik/v2 (Go) Mar 12, 2026
WolverMinion Credited to WolverMinion
OliveTin has crash on NPE by calling APIs with invalid bindings or log references Moderate
GHSA-fwhj-785h-43hh was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
maru1009 Credited to maru1009
Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers Low
CVE-2026-29781 was published for github.com/bishopfox/sliver (Go) Mar 5, 2026
skoveit Credited to skoveit
ImageMagick: Invalid MSL <map> can result in a use after free Moderate
CVE-2026-26983 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image Moderate
CVE-2026-25798 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c) Moderate
CVE-2026-25795 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
SurrealDB vulnerable to Denial of Service through scripting function memory edge case Moderate
GHSA-xx7m-69ff-9crp was published for surrealdb (Rust) Feb 12, 2026
LucyEgan Credited to LucyEgan
git2 has potential undefined behavior when dereferencing Buf struct Low
GHSA-j39j-6gw9-jw6h was published for git2 (Rust) Feb 4, 2026
Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message Moderate
CVE-2026-23831 was published for github.com/sigstore/rekor (Go) Jan 22, 2026
1seal Credited to 1seal
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load Moderate
CVE-2026-23952 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas Credited to OwenSanzas
LIEF is vulnerable to segmentation fault Low
CVE-2025-15504 was published for lief (pip) Jan 10, 2026
`IterMut` violates Stacked Borrows by invalidating internal pointer Low
GHSA-rhfx-m35p-ff5j was published for lru (Rust) Jan 7, 2026
SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference High
CVE-2025-68274 was published for github.com/emiago/sipgo (Go) Dec 16, 2025
sandrogauci Credited to sandrogauci
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers High
GHSA-m6wq-66p2-c8pc was published for github.com/babylonlabs-io/babylon (Go) Dec 8, 2025
Envoy crashes when JWT authentication is configured with the remote JWKS fetching Moderate
CVE-2025-64527 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao Credited to botengyao, phlax, agrawroh, and yanavlasov phlax phlax
agrawroh agrawroh yanavlasov yanavlasov
MLX has Wild Pointer Dereference in load_gguf() Moderate
CVE-2025-62609 was published for mlx (pip) Nov 21, 2025
wickgit Credited to wickgit, mmudryi, and markiyanch mmudryi mmudryi
markiyanch markiyanch
OSV-SCALIBR has NULL Pointer Dereference Low
CVE-2025-13425 was published for github.com/google/osv-scalibr (Go) Nov 20, 2025
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests Moderate
CVE-2025-59836 was published for github.com/siderolabs/omni (Go) Oct 13, 2025
1c3t0rm Credited to 1c3t0rm, nicomda, and utkuozdemir nicomda nicomda
utkuozdemir utkuozdemir
@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user High
CVE-2025-61668 was published for @plone/volto (npm) Oct 1, 2025
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 Credited to s0ngsari530, jake-ciolek, crenshaw-dev, and blakepettersson jake-ciolek jake-ciolek
crenshaw-dev crenshaw-dev blakepettersson blakepettersson
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error Moderate
CVE-2025-59351 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi Credited to gaius-qi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database