Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,111
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
37
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
wasmvm: Malicious smart contract can crash the chain Moderate
GHSA-23qp-3c2m-xx6w was published for github.com/CosmWasm/wasmvm (Go) Feb 4, 2025
NULL Pointer Dereference on moby image history Moderate
CVE-2024-36620 was published for github.com/moby/moby (Go) Nov 29, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request High
CVE-2024-0793 was published for k8s.io/kubernetes (Go) Nov 17, 2024
PingCAP TiDB nil pointer dereference Moderate
CVE-2024-37820 was published for github.com/pingcap/tidb (Go) Jun 25, 2024
KubeVirt NULL pointer dereference flaw Moderate
CVE-2024-31420 was published for kubevirt.io/kubevirt (Go) Apr 3, 2024
Parsing JSON serialized payload without protected field can lead to segfault Moderate
CVE-2024-21664 was published for github.com/lestrrat-go/jwx (Go) Jan 9, 2024
frestr hectorj2f
quic-go vulnerable to pointer dereference that can lead to panic High
CVE-2023-46239 was published for github.com/quic-go/quic-go (Go) Oct 30, 2023
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections Moderate
CVE-2023-0845 was published for github.com/hashicorp/consul (Go) Mar 9, 2023
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption Critical
CVE-2021-4236 was published for github.com/ecnepsnai/web (Go) Dec 28, 2022
Helm vulnerable to denial of service through schema file Moderate
CVE-2022-23526 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski AdamKorcz
Helm vulnerable to denial of service through through repository index file Moderate
CVE-2022-23525 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
AdamKorcz DavidKorczynski
github.com/russellhaering/gosaml2 is vulnerable to NULL Pointer Dereference High
CVE-2020-7731 was published for github.com/russellhaering/gosaml2 (Go) Nov 15, 2022
stevenjohnstone
goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures High
CVE-2020-7711 was published for github.com/russellhaering/gosaml2 (Go) Oct 7, 2022
CloudCore UDS Server: Malicious Message can crash CloudCore Moderate
CVE-2022-31076 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski AdamKorcz
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server Moderate
CVE-2022-31077 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski AdamKorcz
NULL Pointer Dereference in HyperLedger Fabric High
CVE-2021-43667 was published for github.com/hyperledger/fabric (Go) May 25, 2022
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability High
CVE-2020-29652 was published for golang.org/x/crypto (Go) May 24, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability High
CVE-2018-17142 was published for golang.org/x/net (Go) May 13, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability High
CVE-2018-17075 was published for golang.org/x/net (Go) May 13, 2022
NULL Pointer Dereference in Kubernetes CSI snapshot-controller Moderate
CVE-2020-8569 was published for github.com/kubernetes-csi/external-snapshotter/v2 (Go) Feb 15, 2022
Nil dereference in NATS JWT, DoS of nats-server High
CVE-2020-26521 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
Denial of Service in Go-Ethereum Moderate
CVE-2021-43668 was published for github.com/ethereum/go-ethereum (Go) Nov 23, 2021
Go Ethereum Denial of Service High
CVE-2018-19184 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures High
GHSA-gq5r-cc4w-g8xf was published for github.com/russellhaering/gosaml2 (Go) Jun 23, 2021 withdrawn
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database