Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,732
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,952
Pub
13
RubyGems
1,055
Rust
1,343
Swift
54
Unreviewed advisories
All unreviewed
5,000+

4,678 advisories

Loading
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka... Low Unreviewed
CVE-2026-44602 was published May 7, 2026
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty... High Unreviewed
CVE-2026-8063 was published May 7, 2026
GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference) High
CVE-2026-42285 was published for github.com/osrg/gobgp/v4 (Go) May 5, 2026
bacon251 Credited to bacon251
Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) Low
CVE-2026-42183 was published for github.com/argoproj/argo-workflows/v4 (Go) May 4, 2026
Wernerina Credited to Wernerina, Joibel, and isubasinghe Joibel Joibel
isubasinghe isubasinghe
Incus has Nil Dereferences on Restore via Malformed YAML Moderate
CVE-2026-41684 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
raefko Credited to raefko, Ectario, and stgraber Ectario Ectario
stgraber stgraber
Incus has Nil-Pointer Dereference via S3 Bucket Import Moderate
CVE-2026-41647 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
raefko Credited to raefko, Ectario, and stgraber Ectario Ectario
stgraber stgraber
Incus has a Nil-Pointer Dereference via Custom Volume Import Moderate
CVE-2026-40197 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
stamparm Credited to stamparm and stgraber stgraber stgraber
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata Moderate
CVE-2026-40195 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
stamparm Credited to stamparm and stgraber stgraber stgraber
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier... Moderate Unreviewed
CVE-2026-33007 was published May 4, 2026
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the... Moderate Unreviewed
CVE-2025-70070 was published May 4, 2026
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an... High Unreviewed
CVE-2026-29169 was published May 4, 2026
mutt before 2.3.2 has a show_sig_summary NULL pointer dereference. Low Unreviewed
CVE-2026-43864 was published May 4, 2026
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 Moderate Unreviewed
CVE-2026-6525 was published May 2, 2026
An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open... High Unreviewed
CVE-2026-42478 was published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error... Moderate Unreviewed
CVE-2026-43008 was published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: lag: Check for LAG... Moderate Unreviewed
CVE-2026-43013 was published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL... Moderate Unreviewed
CVE-2026-31726 was published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_ppe:... Moderate Unreviewed
CVE-2026-31736 was published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: comedi: ni_atmio16d: Fix... Moderate Unreviewed
CVE-2026-31749 was published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer... Moderate Unreviewed
CVE-2026-31744 was published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix... Moderate Unreviewed
CVE-2026-31727 was published May 1, 2026
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client... High Unreviewed
CVE-2026-42800 was published Apr 30, 2026
RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 Moderate Unreviewed
CVE-2026-6526 was published Apr 30, 2026
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service Moderate Unreviewed
CVE-2026-7376 was published Apr 30, 2026
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute High
CVE-2026-41642 was published for github.com/osrg/gobgp/v4 (Go) Apr 29, 2026
bacon251 Credited to bacon251
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database