GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,784 advisories
Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Severity: Moderate. CVE-2026-45046 was published for github.com/safedep/gryph (Go) on May 11, 2026.
Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding
Severity: High. CVE-2026-45047 was published for github.com/xddxdd/bird-lg-go (Go) on May 11, 2026.
Local Path Provisioner Vulnerable to HelperPod Template Injection
Severity: High. CVE-2026-44543 was published for github.com/rancher/local-path-provisioner (Go) on May 11, 2026.
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
Severity: Critical. CVE-2026-44477 was published for github.com/cloudnative-pg/cloudnative-pg (Go) on May 11, 2026.
Ella Core has handover failures during concurrent Security Mode Command
Severity: Low. CVE-2026-44474 was published for github.com/ellanetworks/core (Go) on May 11, 2026.
Ella Core has a UE Security Capability bypass on NGAP PathSwitchRequest
Severity: Moderate. CVE-2026-44475 was published for github.com/ellanetworks/core (Go) on May 11, 2026.
Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse
Severity: High. CVE-2026-44473 was published for github.com/ellanetworks/core (Go) on May 11, 2026.
go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git
Severity: High. CVE-2026-45022 was published for github.com/go-git/go-git/v5 (Go) on May 11, 2026.
Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication
Severity: High. CVE-2026-44985 was published for github.com/amir20/dozzle (Go) on May 11, 2026.
Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass
Severity: High. CVE-2026-42595 was published for github.com/gotenberg/gotenberg/v8 (Go) on May 11, 2026.
free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions
Severity: Critical. CVE-2026-44330 was published for github.com/free5gc/nef (Go) on May 8, 2026.
free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers
Severity: Critical. CVE-2026-44329 was published for github.com/free5gc/smf (Go) on May 8, 2026.
free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating
Severity: High. CVE-2026-44328 was published for github.com/free5gc/smf (Go) on May 8, 2026.
free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler
Severity: Critical. CVE-2026-44327 was published for github.com/free5gc/nef (Go) on May 8, 2026.
free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions
Severity: Critical. CVE-2026-44326 was published for github.com/free5gc/nef (Go) on May 8, 2026.
free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types
Severity: High. CVE-2026-44325 was published for github.com/free5gc/nrf (Go) on May 8, 2026.
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)
Severity: Moderate. CVE-2026-44324 was published for github.com/free5gc/udr (Go) on May 8, 2026.
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)
Severity: Moderate. CVE-2026-44323 was published for github.com/free5gc/udr (Go) on May 8, 2026.
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
Severity: High. CVE-2026-44322 was published for github.com/free5gc/nef (Go) on May 8, 2026.
free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
Severity: High. CVE-2026-44321 was published for github.com/free5gc/smf (Go) on May 8, 2026.
free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path
Severity: High. CVE-2026-44320 was published for github.com/free5gc/nef (Go) on May 8, 2026.
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
Severity: High. CVE-2026-44319 was published for github.com/free5gc/nef (Go) on May 8, 2026.
free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions
Severity: Moderate. CVE-2026-44318 was published for github.com/free5gc/bsf (Go) on May 8, 2026.
free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference
Severity: Moderate. CVE-2026-44317 was published for github.com/free5gc/pcf (Go) on May 8, 2026.
free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
Severity: High. CVE-2026-44316 was published for github.com/free5gc/pcf (Go) on May 8, 2026.
ProTip! Advisories are also available from the GraphQL API.