Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
ws affected by a DoS when handling a request with many HTTP headers High
CVE-2024-37890 was published for ws (npm) Jun 17, 2024
rrlapointe
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel High
CVE-2023-38171 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures High
GHSA-gq5r-cc4w-g8xf was published for github.com/russellhaering/gosaml2 (Go) Jun 23, 2021 withdrawn
tdunlap607
golang.org/x/net/html NULL Pointer Dereference vulnerability High
CVE-2018-17142 was published for golang.org/x/net (Go) May 13, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability High
CVE-2018-17075 was published for golang.org/x/net (Go) May 13, 2022
github.com/russellhaering/gosaml2 is vulnerable to NULL Pointer Dereference High
CVE-2020-7731 was published for github.com/russellhaering/gosaml2 (Go) Nov 15, 2022
stevenjohnstone
goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures High
CVE-2020-7711 was published for github.com/russellhaering/gosaml2 (Go) Oct 7, 2022
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override High
CVE-2024-26130 was published for cryptography (pip) Feb 21, 2024
Alexander-Programming cd-work
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions High
CVE-2023-0216 was published for openssl-src (Rust) Feb 8, 2023
openssl-src subject to NULL dereference validating DSA public key High
CVE-2023-0217 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains `NULL` dereference during PKCS7 data verification High
CVE-2023-0401 was published for openssl-src (Rust) Feb 8, 2023
Using a Custom Cipher with `NID_undef` may lead to NULL encryption High
CVE-2022-3358 was published for openssl-src (Rust) Oct 11, 2022
quic-go vulnerable to pointer dereference that can lead to panic High
CVE-2023-46239 was published for github.com/quic-go/quic-go (Go) Oct 30, 2023
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability High
CVE-2020-29652 was published for golang.org/x/crypto (Go) May 24, 2022
Go Ethereum Denial of Service High
CVE-2018-19184 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
Nil dereference in NATS JWT causing DoS of nats-server High
GHSA-hmm9-r2m2-qg9w was published for github.com/nats-io/jwt (Go) May 21, 2021
Nokogiri NULL Pointer Dereference High
CVE-2018-14404 was published for nokogiri (RubyGems) Jan 17, 2019
Aubio is vulnerable to a NULL pointer dereference in new_aubio_filterbank High
CVE-2018-19801 was published for aubio (pip) Jul 26, 2019
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function High
CVE-2018-19802 was published for aubio (pip) Jul 26, 2019
tdunlap607
ActiveRecord in Ruby on Rails allows database-query bypass High
CVE-2016-6317 was published for activerecord (RubyGems) Oct 24, 2017
Null pointer deference in openssl-src High
CVE-2020-1967 was published for openssl-src (Rust) Aug 25, 2021
another-rex andrewpollock
Null pointer deference in fltk High
CVE-2021-28306 was published for fltk (Rust) Aug 25, 2021
Null pointer deference in fltk High
CVE-2021-28307 was published for fltk (Rust) Aug 25, 2021
VTK NULL pointer dereference vulnerability High
CVE-2021-42521 was published for vtk (pip) Aug 26, 2022
ProTip! Advisories are also available from the GraphQL API