GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
278 advisories
By displaying a prompt with a long description, the fullscreen notification could have been...
Moderate | Unreviewed | CVE-2023-25748 was published Jun 2, 2023

A background script invoking `requestFullscreen` and then blocking the main thread...
Moderate | Unreviewed | CVE-2023-25730 was published Jun 2, 2023

nbgrader's `frame-ancestors: self` grants all users access to formgrader
High | CVE-2025-23205 was published for nbgrader (pip) Jan 17, 2025

NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset...
Moderate | Unreviewed | CVE-2024-6466 was published Jan 21, 2025

Clickjacking vulnerability in typecho v1.2.1.
Moderate | Unreviewed | CVE-2024-57369 was published Jan 17, 2025

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the...
High | Unreviewed | CVE-2025-1018 was published Feb 4, 2025

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This...
Moderate | Unreviewed | CVE-2025-1019 was published Feb 4, 2025

SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against...
Moderate | Unreviewed | CVE-2025-24874 was published Feb 11, 2025

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By...
Moderate | Unreviewed | CVE-2024-49796 was published Feb 6, 2025

A select option could partially obscure the confirmation prompt shown before launching external...
High | Unreviewed | CVE-2025-1940 was published Mar 4, 2025

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35...
Moderate | Unreviewed | CVE-2025-1917 was published Mar 5, 2025

Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35...
Moderate | Unreviewed | CVE-2025-1923 was published Mar 5, 2025

In visitUris of multiple files, there is a possible information disclosure due to a confused...
Moderate | Unreviewed | CVE-2024-43084 was published Nov 13, 2024

By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid...
Moderate | Unreviewed | CVE-2024-5698 was published Jun 11, 2024

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking...
High | Unreviewed | CVE-2024-43765 was published Jan 22, 2025

Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a...
Moderate | Unreviewed | CVE-2024-4950 was published May 15, 2024

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a...
Moderate | Unreviewed | CVE-2022-20213 was published Jan 26, 2023

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code...
Moderate | Unreviewed | CVE-2005-2407 was published May 1, 2022

Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series,...
Moderate | Unreviewed | CVE-2025-24310 was published Apr 4, 2025

tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Moderate | CVE-2025-31138 was published for tarteaucitronjs (npm) Apr 7, 2025

Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of...
Moderate | Unreviewed | CVE-2008-2716 was published May 1, 2022

Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac...
Moderate | Unreviewed | CVE-2025-25213 was published Apr 9, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9...
Moderate | Unreviewed | CVE-2025-0362 was published Apr 10, 2025

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led...
Moderate | Unreviewed | CVE-2022-45417 was published Dec 22, 2022