Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,489
Maven
5,000+
npm
5,000+
NuGet
892
pip
4,745
Pub
13
RubyGems
1,033
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

4,597 advisories

Loading
Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the... High Unreviewed
CVE-2025-69624 was published Apr 13, 2026
A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a... High Unreviewed
CVE-2025-66769 was published Apr 13, 2026
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by... High Unreviewed
CVE-2026-1584 was published Apr 9, 2026
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL... High Unreviewed
CVE-2026-28388 was published Apr 8, 2026
Issue summary: During processing of a crafted CMS EnvelopedData message with... High Unreviewed
CVE-2026-28389 was published Apr 8, 2026
Issue summary: During processing of a crafted CMS EnvelopedData message with... High Unreviewed
CVE-2026-28390 was published Apr 8, 2026
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL... Moderate Unreviewed
CVE-2026-5745 was published Apr 7, 2026
Electron: Crash in clipboard.readImage() on malformed clipboard image data Low
CVE-2026-34781 was published for electron (npm) Apr 7, 2026
frostb1ten Credited to frostb1ten
Ella Core Panics Upon NGAP handover failure Moderate
CVE-2026-34761 was published for github.com/ellanetworks/core (Go) Apr 1, 2026
offset Credited to offset
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer... High Unreviewed
CVE-2026-34874 was published Apr 1, 2026
The application does not validate the presence of required appearance (AP) data before accessing... Moderate Unreviewed
CVE-2026-3776 was published Apr 1, 2026
Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted High
GHSA-c279-989m-238f was published for github.com/bishopfox/sliver (Go) Mar 29, 2026
VarshankNaik Credited to VarshankNaik
Ella Core Panics during NAS Authentication Response/Failure with missing IEs Moderate
CVE-2026-33907 was published for github.com/ellanetworks/core (Go) Mar 26, 2026
offset Credited to offset
Ella Core panics when processing a crafted NGAP LocationReport message Moderate
CVE-2026-33903 was published for github.com/ellanetworks/core (Go) Mar 26, 2026
offset Credited to offset
A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can... Low Unreviewed
CVE-2026-0968 was published Mar 26, 2026
On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a... High Unreviewed
CVE-2026-4652 was published Mar 26, 2026
A null pointer dereference was addressed with improved input validation. This issue is fixed in... Moderate Unreviewed
CVE-2026-28886 was published Mar 25, 2026
NATS Server panic via malicious compression on leafnode port High
CVE-2026-29785 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source,... High Unreviewed
CVE-2026-27651 was published Mar 24, 2026
NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0. Moderate Unreviewed
CVE-2026-4751 was published Mar 24, 2026
NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects... Moderate Unreviewed
CVE-2026-33853 was published Mar 24, 2026
NULL Pointer Dereference vulnerability in taurusxin ncmdump (‎src/utils‎ modules). This... Moderate Unreviewed
CVE-2026-4743 was published Mar 24, 2026
A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone... High Unreviewed
CVE-2026-26828 was published Mar 23, 2026
A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through... High Unreviewed
CVE-2026-26829 was published Mar 23, 2026
Ella Core panics on malformed ULNASTransport Message without a Request Type Moderate
CVE-2026-33283 was published for github.com/ellanetworks/core (Go) Mar 19, 2026
p1-aji Credited to p1-aji
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database