diff --git a/src/main/java/eu/hbp/mip/controllers/ArticlesApi.java b/src/main/java/eu/hbp/mip/controllers/ArticlesApi.java
index 024b49b076eccfc2e213c54ca757f5979fdaa4bb..23c160638f5c9ce96ceb5d489b5b572bfe5478d9 100644
--- a/src/main/java/eu/hbp/mip/controllers/ArticlesApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ArticlesApi.java
@@ -148,6 +148,13 @@ public class ArticlesApi {
 User user = securityConfiguration.getUser();
 Article article;
 article = articleRepository.findOne(slug);
+
+ if(article == null)
+ {
+ LOGGER.warn("Cannot find article : " + slug);
+ return ResponseEntity.badRequest().body(null);
+ }
+
 if (!"published".equals(article.getStatus()) && !article.getCreatedBy().getUsername().equals(user.getUsername())) {
 return new ResponseEntity<>(HttpStatus.FORBIDDEN);
diff --git a/src/main/java/eu/hbp/mip/controllers/ModelsApi.java b/src/main/java/eu/hbp/mip/controllers/ModelsApi.java
index 03bae52c1a77b2c3ddaec0f439791735c20fc84c..57609b5bb4b9515e7a6b28cedbb88c648156ab17 100644
--- a/src/main/java/eu/hbp/mip/controllers/ModelsApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ModelsApi.java
@@ -208,6 +208,13 @@ public class ModelsApi {
 User user = securityConfiguration.getUser();
 Model model = modelRepository.findOne(slug);
+
+ if(model == null)
+ {
+ LOGGER.warn("Cannot find model : " + slug);
+ return ResponseEntity.badRequest().body(null);
+ }
+
 if (!model.getValid() && !model.getCreatedBy().getUsername().equals(user.getUsername())) {
 return new ResponseEntity<>(HttpStatus.FORBIDDEN);
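Review bot: In the ArticlesApi hunk the new `LOGGER.warn("Cannot find article : " + slug);` writes `slug` into the log unmodified, and the ModelsApi hunk does the same with `"Cannot find model : " + slug`. The method signatures are outside the hunks, but if `slug` is the caller-supplied path value, embedded CR/LF characters would let a single request forge additional log entries. Neutralise line breaks before logging, e.g. `LOGGER.warn("Cannot find article : " + slug.replaceAll("[\\r\\n]", "_"));`, or encode them in the log layout. A missing resource is also more conventionally reported as 404 than 400, `return new ResponseEntity<>(HttpStatus.NOT_FOUND);`.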
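Review bot: In the ModelsApi hunk the condition right after the new guard still dereferences values the commit does not check, `model.getValid()` and `model.getCreatedBy()`. If `getValid()` returns a boxed `Boolean` (its type is not visible here), a null value throws on unboxing, and a model without a creator fails the same way, so the request can still end in an unhandled NullPointerException rather than a controlled response. A null-safe form that fails closed would be `if (!Boolean.TRUE.equals(model.getValid()) && (model.getCreatedBy() == null || !model.getCreatedBy().getUsername().equals(user.getUsername())))`. The `getCreatedBy()` call in the ArticlesApi hunk has the same exposure; both methods begin and end outside their hunks.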