GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
26 advisories
Filter by severity
NULL Pointer Dereference on moby image history
Moderate
CVE-2024-36620
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
High
CVE-2024-0793
was published
for
k8s.io/kubernetes
(Go)
Nov 17, 2024
PingCAP TiDB nil pointer dereference
Moderate
CVE-2024-37820
was published
for
github.com/pingcap/tidb
(Go)
Jun 25, 2024
KubeVirt NULL pointer dereference flaw
Moderate
CVE-2024-31420
was published
for
kubevirt.io/kubevirt
(Go)
Apr 3, 2024
Parsing JSON serialized payload without protected field can lead to segfault
Moderate
CVE-2024-21664
was published
for
github.com/lestrrat-go/jwx
(Go)
Jan 9, 2024
quic-go vulnerable to pointer dereference that can lead to panic
High
CVE-2023-46239
was published
for
github.com/quic-go/quic-go
(Go)
Oct 30, 2023
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
Moderate
CVE-2023-0845
was published
for
github.com/hashicorp/consul
(Go)
Mar 9, 2023
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Critical
CVE-2021-4236
was published
for
github.com/ecnepsnai/web
(Go)
Dec 28, 2022
Helm vulnerable to denial of service through schema file
Moderate
CVE-2022-23526
was published
for
helm.sh/helm/v3
(Go)
Dec 14, 2022
Helm vulnerable to denial of service through through repository index file
Moderate
CVE-2022-23525
was published
for
helm.sh/helm/v3
(Go)
Dec 14, 2022
github.com/russellhaering/gosaml2 is vulnerable to NULL Pointer Dereference
High
CVE-2020-7731
was published
for
github.com/russellhaering/gosaml2
(Go)
Nov 15, 2022
goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures
High
CVE-2020-7711
was published
for
github.com/russellhaering/gosaml2
(Go)
Oct 7, 2022
CloudCore UDS Server: Malicious Message can crash CloudCore
Moderate
CVE-2022-31076
was published
for
github.com/kubeedge/kubeedge
(Go)
Jun 25, 2022
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server
Moderate
CVE-2022-31077
was published
for
github.com/kubeedge/kubeedge
(Go)
Jun 25, 2022
NULL Pointer Dereference in HyperLedger Fabric
High
CVE-2021-43667
was published
for
github.com/hyperledger/fabric
(Go)
May 25, 2022
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
High
CVE-2020-29652
was published
for
golang.org/x/crypto
(Go)
May 24, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability
High
CVE-2018-17142
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability
High
CVE-2018-17075
was published
for
golang.org/x/net
(Go)
May 13, 2022
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
Moderate
CVE-2020-8569
was published
for
github.com/kubernetes-csi/external-snapshotter/v2
(Go)
Feb 15, 2022
Nil dereference in NATS JWT, DoS of nats-server
High
CVE-2020-26521
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
Denial of Service in Go-Ethereum
Moderate
CVE-2021-43668
was published
for
github.com/ethereum/go-ethereum
(Go)
Nov 23, 2021
Go Ethereum Denial of Service
High
CVE-2018-19184
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures
High
GHSA-gq5r-cc4w-g8xf
was published
for
github.com/russellhaering/gosaml2
(Go)
Jun 23, 2021
•
withdrawn
Denial-of-Service within Docker container
Moderate
CVE-2020-26213
was published
for
ktbs.dev/teler
(Go)
May 24, 2021
ProTip!
Advisories are also available from the
GraphQL API