GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
45 advisories
protobufjs : Schema-derived names can shadow runtime-significant properties
Moderate
CVE-2026-54269
was published
for
protobufjs
(npm)
Jun 15, 2026
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)
Moderate
CVE-2026-44324
was published
for
github.com/free5gc/udr
(Go)
May 8, 2026
free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference
Moderate
CVE-2026-44317
was published
for
github.com/free5gc/pcf
(Go)
May 8, 2026
Admidio Missing Minimum Administrator Check in Role Membership Removal
Moderate
CVE-2026-41662
was published
for
admidio/admidio
(Composer)
Apr 29, 2026
nimiq-blockchain: Peer-triggerable panic during history sync
Moderate
CVE-2026-34066
was published
for
nimiq-blockchain
(Rust)
Apr 22, 2026
free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation
Moderate
CVE-2026-40343
was published
for
github.com/free5gc/udr
(Go)
Apr 21, 2026
free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors
Moderate
CVE-2026-40249
was published
for
github.com/free5gc/udr
(Go)
Apr 14, 2026
Cosign's verify-blob-attestation reports false positive when payload parsing fails
Moderate
CVE-2026-39395
was published
for
github.com/sigstore/cosign
(Go)
Apr 8, 2026
go-tuf affected by client DoS via malformed server response
Moderate
CVE-2026-23991
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Jan 21, 2026
InventoryGui affected by item duplication in GUIs which use GuiStorageElement
Moderate
CVE-2025-62783
was published
for
de.themoep:inventorygui
(Maven)
Oct 27, 2025
http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
Moderate
CVE-2025-32997
was published
for
http-proxy-middleware
(npm)
Apr 15, 2025
OpenStack Neutron can use an incorrect ID during policy enforcement
Moderate
CVE-2024-53916
was published
for
neutron
(pip)
Nov 25, 2024
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
Moderate
GHSA-fqpg-rq76-99pq
was published
for
github.com/jackc/pgx/v5
(Go)
Jul 5, 2024
socket.io has an unhandled 'error' event
Moderate
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
ProTip!
Advisories are also available from the
GraphQL API