Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,952
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,252
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 jake-ciolek
crenshaw-dev blakepettersson
Credited to s0ngsari530, jake-ciolek, crenshaw-dev, and blakepettersson
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests Moderate
CVE-2025-59836 was published for github.com/siderolabs/omni (Go) Oct 13, 2025
1c3t0rm nicomda
utkuozdemir
Credited to 1c3t0rm, nicomda, and utkuozdemir
Nil dereference in NATS JWT, DoS of nats-server High
CVE-2020-26521 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
Nil dereference in NATS JWT causing DoS of nats-server High
GHSA-hmm9-r2m2-qg9w was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error Moderate
CVE-2025-59351 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
Mattermost has Potential Server Crash due to Unvalidated Import Data Moderate
CVE-2025-8402 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Versity panic induced by AWS chunked data sent to port High
GHSA-v2ch-c8v8-fgr7 was published for github.com/versity/versitygw (Go) Aug 29, 2025
tonyipm
Credited to tonyipm
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022 withdrawn
joshbressers
Credited to joshbressers
Ollama Denial of Service (DoS) via Null Pointer Dereference High
CVE-2025-0312 was published for github.com/ollama/ollama (Go) Mar 20, 2025
wasmvm: Malicious smart contract can crash the chain Moderate
GHSA-23qp-3c2m-xx6w was published for github.com/CosmWasm/wasmvm (Go) Feb 4, 2025
NULL Pointer Dereference on moby image history Moderate
CVE-2024-36620 was published for github.com/moby/moby (Go) Nov 29, 2024
PingCAP TiDB nil pointer dereference Moderate
CVE-2024-37820 was published for github.com/pingcap/tidb (Go) Jun 25, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request High
CVE-2024-0793 was published for k8s.io/kubernetes (Go) Nov 17, 2024
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures High
GHSA-gq5r-cc4w-g8xf was published for github.com/russellhaering/gosaml2 (Go) Jun 23, 2021 withdrawn
tdunlap607
Credited to tdunlap607
golang.org/x/net/html NULL Pointer Dereference vulnerability High
CVE-2018-17142 was published for golang.org/x/net (Go) May 13, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability High
CVE-2018-17075 was published for golang.org/x/net (Go) May 13, 2022
github.com/russellhaering/gosaml2 is vulnerable to NULL Pointer Dereference High
CVE-2020-7731 was published for github.com/russellhaering/gosaml2 (Go) Nov 15, 2022
stevenjohnstone
Credited to stevenjohnstone
goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures High
CVE-2020-7711 was published for github.com/russellhaering/gosaml2 (Go) Oct 7, 2022
KubeVirt NULL pointer dereference flaw Moderate
CVE-2024-31420 was published for kubevirt.io/kubevirt (Go) Apr 3, 2024
Parsing JSON serialized payload without protected field can lead to segfault Moderate
CVE-2024-21664 was published for github.com/lestrrat-go/jwx (Go) Jan 9, 2024
frestr hectorj2f
Credited to frestr and hectorj2f
quic-go vulnerable to pointer dereference that can lead to panic High
CVE-2023-46239 was published for github.com/quic-go/quic-go (Go) Oct 30, 2023
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability High
CVE-2020-29652 was published for golang.org/x/crypto (Go) May 24, 2022
Denial-of-Service within Docker container Moderate
CVE-2020-26213 was published for ktbs.dev/teler (Go) May 24, 2021
Go Ethereum Denial of Service High
CVE-2018-19184 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections Moderate
CVE-2023-0845 was published for github.com/hashicorp/consul (Go) Mar 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database