GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
185 advisories
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
Moderate
CVE-2026-8723
was published
for
qs
(npm)
May 22, 2026
HAX CMS: Denial of Service using Malicious Import Request
Moderate
CVE-2026-46357
was published
for
@haxtheweb/haxcms-nodejs
(npm)
May 19, 2026
free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating
High
CVE-2026-44328
was published
for
github.com/free5gc/smf
(Go)
May 8, 2026
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)
Moderate
CVE-2026-44323
was published
for
github.com/free5gc/udr
(Go)
May 8, 2026
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
High
CVE-2026-44322
was published
for
github.com/free5gc/nef
(Go)
May 8, 2026
free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference
Moderate
CVE-2026-44317
was published
for
github.com/free5gc/pcf
(Go)
May 8, 2026
free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
High
CVE-2026-44316
was published
for
github.com/free5gc/pcf
(Go)
May 8, 2026
GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
High
CVE-2026-42285
was published
for
github.com/osrg/gobgp/v4
(Go)
May 5, 2026
Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
Low
CVE-2026-42183
was published
for
github.com/argoproj/argo-workflows/v4
(Go)
May 4, 2026
Incus has Nil Dereferences on Restore via Malformed YAML
Moderate
CVE-2026-41684
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has Nil-Pointer Dereference via S3 Bucket Import
Moderate
CVE-2026-41647
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has a Nil-Pointer Dereference via Custom Volume Import
High
CVE-2026-40197
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
High
CVE-2026-40195
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
High
CVE-2026-41642
was published
for
github.com/osrg/gobgp/v4
(Go)
Apr 29, 2026
Electron: Crash in clipboard.readImage() on malformed clipboard image data
Low
CVE-2026-34781
was published
for
electron
(npm)
Apr 7, 2026
Ella Core Panics Upon NGAP handover failure
Moderate
CVE-2026-34761
was published
for
github.com/ellanetworks/core
(Go)
Apr 1, 2026
Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted
High
GHSA-c279-989m-238f
was published
for
github.com/bishopfox/sliver
(Go)
Mar 29, 2026
Ella Core Panics during NAS Authentication Response/Failure with missing IEs
Moderate
CVE-2026-33907
was published
for
github.com/ellanetworks/core
(Go)
Mar 26, 2026
Ella Core panics when processing a crafted NGAP LocationReport message
Moderate
CVE-2026-33903
was published
for
github.com/ellanetworks/core
(Go)
Mar 26, 2026
Ella Core panics on malformed ULNASTransport Message without a Request Type
Moderate
CVE-2026-33283
was published
for
github.com/ellanetworks/core
(Go)
Mar 19, 2026
Ella Core panics on malformed NGAP Location Report
High
CVE-2026-33282
was published
for
github.com/ellanetworks/core
(Go)
Mar 19, 2026
Traefik: HTTP/2 frames can cause a running server to panic
High
GHSA-4hjq-9h5c-252j
was published
for
github.com/traefik/traefik/v2
(Go)
Mar 12, 2026
ProTip!
Advisories are also available from the
GraphQL API