GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
67 advisories
Incus: CreateCustomVolumeFromBackup nil-pointer dereference on volume_snapshots[*].expires_at (sibling-field variant of GHSA-r7w7)
Low
CVE-2026-48756
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus: Nil-pointer dereference in createDependentVolumesFromBackup on disk.{Volume,VolumeSnapshots,Pool}
Low
CVE-2026-48754
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has a Nil-Pointer Dereference Panic via Instance Backup Import (volume omitted)
Moderate
CVE-2026-47753
was published
for
github.com/lxc/incus/v7
(Go)
Jun 10, 2026
Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt
High
CVE-2026-52878
was published
for
github.com/klever-io/klever-go
(Go)
Jun 5, 2026
free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating
High
CVE-2026-44328
was published
for
github.com/free5gc/smf
(Go)
May 8, 2026
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)
Moderate
CVE-2026-44323
was published
for
github.com/free5gc/udr
(Go)
May 8, 2026
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
High
CVE-2026-44322
was published
for
github.com/free5gc/nef
(Go)
May 8, 2026
free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference
Moderate
CVE-2026-44317
was published
for
github.com/free5gc/pcf
(Go)
May 8, 2026
free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
High
CVE-2026-44316
was published
for
github.com/free5gc/pcf
(Go)
May 8, 2026
Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
Low
CVE-2026-42183
was published
for
github.com/argoproj/argo-workflows/v4
(Go)
May 4, 2026
Incus has Nil Dereferences on Restore via Malformed YAML
Moderate
CVE-2026-41684
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has Nil-Pointer Dereference via S3 Bucket Import
Moderate
CVE-2026-41647
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
High
CVE-2026-42285
was published
for
github.com/osrg/gobgp/v4
(Go)
May 5, 2026
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
High
CVE-2026-41642
was published
for
github.com/osrg/gobgp/v4
(Go)
Apr 29, 2026
Incus has a Nil-Pointer Dereference via Custom Volume Import
High
CVE-2026-40197
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
High
CVE-2026-40195
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Ella Core Panics Upon NGAP handover failure
Moderate
CVE-2026-34761
was published
for
github.com/ellanetworks/core
(Go)
Apr 1, 2026
Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted
High
GHSA-c279-989m-238f
was published
for
github.com/bishopfox/sliver
(Go)
Mar 29, 2026
Ella Core Panics during NAS Authentication Response/Failure with missing IEs
Moderate
CVE-2026-33907
was published
for
github.com/ellanetworks/core
(Go)
Mar 26, 2026
Ella Core panics when processing a crafted NGAP LocationReport message
Moderate
CVE-2026-33903
was published
for
github.com/ellanetworks/core
(Go)
Mar 26, 2026
Ella Core panics on malformed ULNASTransport Message without a Request Type
Moderate
CVE-2026-33283
was published
for
github.com/ellanetworks/core
(Go)
Mar 19, 2026
Ella Core panics on malformed NGAP Location Report
High
CVE-2026-33282
was published
for
github.com/ellanetworks/core
(Go)
Mar 19, 2026
ProTip!
Advisories are also available from the
GraphQL API