Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,949
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

1,132 advisories

Loading
Memory Corruption when running a memory copy operation due to invalid writes caused by a null... High Unreviewed
CVE-2025-59604 was published Jun 2, 2026
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion... High Unreviewed
CVE-2025-59606 was published Jun 2, 2026
A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of... High Unreviewed
CVE-2025-70099 was published Jun 1, 2026
FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non... High Unreviewed
CVE-2026-37226 was published Jun 1, 2026
FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id... High Unreviewed
CVE-2026-37230 was published Jun 1, 2026
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule... High Unreviewed
CVE-2026-8359 was published May 27, 2026
Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e.,... High Unreviewed
CVE-2026-8360 was published May 27, 2026
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed... High Unreviewed
CVE-2026-8180 was published May 27, 2026
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module... High Unreviewed
CVE-2026-8850 was published May 26, 2026
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and... High Unreviewed
CVE-2026-48829 was published May 26, 2026
When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are... High Unreviewed
CVE-2026-42409 was published May 13, 2026
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a... High Unreviewed
CVE-2026-40405 was published May 12, 2026
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. High Unreviewed
CVE-2026-40401 was published May 12, 2026
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over... High Unreviewed
CVE-2026-40414 was published May 12, 2026
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over... High Unreviewed
CVE-2026-40413 was published May 12, 2026
The affected devices contain a null pointer dereference vulnerability while processing specially... High Unreviewed
CVE-2025-40833 was published May 12, 2026
free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating High
CVE-2026-44328 was published for github.com/free5gc/smf (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference High
CVE-2026-44322 was published for github.com/free5gc/nef (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference High
CVE-2026-44316 was published for github.com/free5gc/pcf (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix nd_tbl... High Unreviewed
CVE-2026-43441 was published May 8, 2026
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing... High Unreviewed
CVE-2026-43408 was published May 8, 2026
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty... High Unreviewed
CVE-2026-8063 was published May 7, 2026
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5:... High Unreviewed
CVE-2026-43263 was published May 6, 2026
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate... High Unreviewed
CVE-2026-43213 was published May 6, 2026
In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error... High Unreviewed
CVE-2026-43207 was published May 6, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database