GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
278 advisories
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have...
Moderate
Unreviewed
CVE-2022-45418 was published Dec 22, 2022
Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered...
Moderate
Unreviewed
CVE-2022-45420 was published Dec 22, 2022
When combining CSS properties for overflow and transform, the mouse cursor could interact with...
High
Unreviewed
CVE-2022-36319 was published Dec 22, 2022
When receiving an HTML email that specified to load an iframe element from a remote...
Moderate
Unreviewed
CVE-2022-3034 was published Dec 22, 2022
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification...
Moderate
Unreviewed
CVE-2022-29914 was published Dec 22, 2022
Due to a layout change, iframe contents could have been rendered outside of its border. This...
Moderate
Unreviewed
CVE-2022-28286 was published Dec 22, 2022
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user...
Moderate
Unreviewed
CVE-2022-29911 was published Dec 22, 2022
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to...
High
Unreviewed
CVE-2022-20520 was published Dec 20, 2022
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input...
Moderate
Unreviewed
CVE-2022-46695 was published Dec 15, 2022
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS...
Moderate
Unreviewed
CVE-2022-42799 was published Nov 2, 2022
@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
Moderate
CVE-2025-49139 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card...
Moderate
Unreviewed
CVE-2025-5267 was published May 27, 2025
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution...
Moderate
Unreviewed
CVE-2025-49191 was published Jun 12, 2025
The web application is vulnerable to clickjacking attacks. The site can be embedded into another...
Moderate
Unreviewed
CVE-2025-49192 was published Jun 12, 2025
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49...
Moderate
Unreviewed
CVE-2025-6557 was published Jun 24, 2025
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking...
Moderate
Unreviewed
CVE-2025-36027 was published Jun 28, 2025
The web application is vulnerable to clickjacking attacks. The site can be embedded into another...
Moderate
Unreviewed
CVE-2025-27455 was published Jul 3, 2025
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP,...
Moderate
Unreviewed
CVE-2025-6434 was published Jun 26, 2025
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to...
Moderate
Unreviewed
CVE-2025-6983 was published Jul 16, 2025
A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected...
Moderate
Unreviewed
CVE-2025-7903 was published Jul 20, 2025
HAX CMS application pages vulnerable to clickjacking
Moderate
CVE-2025-54139 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 21, 2025
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper...
Moderate
Unreviewed
CVE-2025-54527 was published Jul 28, 2025
Affected is an unknown function of the component Login Page. The manipulation leads to improper...
Moderate
Unreviewed
CVE-2025-9108 was published Aug 18, 2025
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the...
Moderate
Unreviewed
CVE-2025-1494 was published Aug 26, 2025
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack...
Low
Unreviewed
CVE-2025-41000 was published Sep 3, 2025
ProTip! Advisories are also available from the GraphQL API