Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

Loading
LinZiyuu Credited to LinZiyuu
LinZiyuu Credited to LinZiyuu
LinZiyuu Credited to LinZiyuu
GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference) High
CVE-2026-42285 was published for github.com/osrg/gobgp/v4 (Go) May 5, 2026
bacon251 Credited to bacon251
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute High
CVE-2026-41642 was published for github.com/osrg/gobgp/v4 (Go) Apr 29, 2026
bacon251 Credited to bacon251
Incus has a Nil-Pointer Dereference via Custom Volume Import High
CVE-2026-40197 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
stamparm Credited to stamparm and stgraber stgraber stgraber
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata High
CVE-2026-40195 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
stamparm Credited to stamparm and stgraber stgraber stgraber
Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted High
GHSA-c279-989m-238f was published for github.com/bishopfox/sliver (Go) Mar 29, 2026
VarshankNaik Credited to VarshankNaik
NATS Server panic via malicious compression on leafnode port High
CVE-2026-29785 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026
Ella Core panics on malformed NGAP Location Report High
CVE-2026-33282 was published for github.com/ellanetworks/core (Go) Mar 19, 2026
p1-aji Credited to p1-aji
free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference High
CVE-2026-33064 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion High
CVE-2026-33063 was published for github.com/free5gc/ausf (Go) Mar 18, 2026
Traefik: HTTP/2 frames can cause a running server to panic High
GHSA-4hjq-9h5c-252j was published for github.com/traefik/traefik/v2 (Go) Mar 12, 2026
WolverMinion Credited to WolverMinion
SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference High
CVE-2025-68274 was published for github.com/emiago/sipgo (Go) Dec 16, 2025
sandrogauci Credited to sandrogauci
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers High
GHSA-m6wq-66p2-c8pc was published for github.com/babylonlabs-io/babylon (Go) Dec 8, 2025
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 Credited to s0ngsari530, jake-ciolek, crenshaw-dev, and blakepettersson jake-ciolek jake-ciolek
crenshaw-dev crenshaw-dev blakepettersson blakepettersson
Nil dereference in NATS JWT, DoS of nats-server High
CVE-2020-26521 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
Nil dereference in NATS JWT causing DoS of nats-server High
GHSA-hmm9-r2m2-qg9w was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Versity panic induced by AWS chunked data sent to port High
GHSA-v2ch-c8v8-fgr7 was published for github.com/versity/versitygw (Go) Aug 29, 2025
tonyipm Credited to tonyipm
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022 withdrawn
joshbressers Credited to joshbressers
Ollama Denial of Service (DoS) via Null Pointer Dereference High
CVE-2025-0312 was published for github.com/ollama/ollama (Go) Mar 20, 2025
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request High
CVE-2024-0793 was published for k8s.io/kubernetes (Go) Nov 17, 2024
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures High
GHSA-gq5r-cc4w-g8xf was published for github.com/russellhaering/gosaml2 (Go) Jun 23, 2021 withdrawn
tdunlap607 Credited to tdunlap607
golang.org/x/net/html NULL Pointer Dereference vulnerability High
CVE-2018-17142 was published for golang.org/x/net (Go) May 13, 2022
ProTip! Advisories are also available from the GraphQL API