GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt
High
CVE-2026-52878
was published
for
github.com/klever-io/klever-go
(Go)
Jun 5, 2026
free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating
High
CVE-2026-44328
was published
for
github.com/free5gc/smf
(Go)
May 8, 2026
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
High
CVE-2026-44322
was published
for
github.com/free5gc/nef
(Go)
May 8, 2026
free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
High
CVE-2026-44316
was published
for
github.com/free5gc/pcf
(Go)
May 8, 2026
GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
High
CVE-2026-42285
was published
for
github.com/osrg/gobgp/v4
(Go)
May 5, 2026
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
High
CVE-2026-41642
was published
for
github.com/osrg/gobgp/v4
(Go)
Apr 29, 2026
Incus has a Nil-Pointer Dereference via Custom Volume Import
High
CVE-2026-40197
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
High
CVE-2026-40195
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted
High
GHSA-c279-989m-238f
was published
for
github.com/bishopfox/sliver
(Go)
Mar 29, 2026
NATS Server panic via malicious compression on leafnode port
High
CVE-2026-29785
was published
for
github.com/nats-io/nats-server
(Go)
Mar 24, 2026
Ella Core panics on malformed NGAP Location Report
High
CVE-2026-33282
was published
for
github.com/ellanetworks/core
(Go)
Mar 19, 2026
free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference
High
CVE-2026-33064
was published
for
github.com/free5gc/udm
(Go)
Mar 18, 2026
free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion
High
CVE-2026-33063
was published
for
github.com/free5gc/ausf
(Go)
Mar 18, 2026
Traefik: HTTP/2 frames can cause a running server to panic
High
GHSA-4hjq-9h5c-252j
was published
for
github.com/traefik/traefik/v2
(Go)
Mar 12, 2026
SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference
High
CVE-2025-68274
was published
for
github.com/emiago/sipgo
(Go)
Dec 16, 2025
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers
High
GHSA-m6wq-66p2-c8pc
was published
for
github.com/babylonlabs-io/babylon
(Go)
Dec 8, 2025
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload
High
CVE-2025-59537
was published
for
github.com/argoproj/argo-cd
(Go)
Sep 30, 2025
Nil dereference in NATS JWT, DoS of nats-server
High
CVE-2020-26521
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
Nil dereference in NATS JWT causing DoS of nats-server
High
GHSA-hmm9-r2m2-qg9w
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Versity panic induced by AWS chunked data sent to port
High
GHSA-v2ch-c8v8-fgr7
was published
for
github.com/versity/versitygw
(Go)
Aug 29, 2025
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
•
withdrawn
Ollama Denial of Service (DoS) via Null Pointer Dereference
High
CVE-2025-0312
was published
for
github.com/ollama/ollama
(Go)
Mar 20, 2025
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
High
CVE-2024-0793
was published
for
k8s.io/kubernetes
(Go)
Nov 17, 2024
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures
High
GHSA-gq5r-cc4w-g8xf
was published
for
github.com/russellhaering/gosaml2
(Go)
Jun 23, 2021
•
withdrawn
golang.org/x/net/html NULL Pointer Dereference vulnerability
High
CVE-2018-17142
was published
for
golang.org/x/net
(Go)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API