GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
209 advisories

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the...
Moderate, Unreviewed. CVE-2024-8388 was published Sep 3, 2024

A missing delay in directory upload UI could have made it possible for an attacker to trick a...
Moderate, Unreviewed. CVE-2024-9397 was published Oct 1, 2024

Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login...
Moderate, Unreviewed. CVE-2024-10454 was published Oct 31, 2024

In visitUris of multiple files, there is a possible information disclosure due to a confused...
Moderate, Unreviewed. CVE-2024-43084 was published Nov 13, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7...
Moderate, Unreviewed. CVE-2024-7404 was published Nov 14, 2024

A crafted URL containing Arabic script and whitespace characters could have hidden the true...
Moderate, Unreviewed. CVE-2024-11695 was published Nov 26, 2024

Under certain circumstances, navigating to a webpage would result in the address missing from the...
Moderate, Unreviewed. CVE-2024-53976 was published Nov 26, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking...
Moderate, Unreviewed. CVE-2021-29827 was published Dec 19, 2024

Clickjacking vulnerability in typecho v1.2.1.
Moderate, Unreviewed. CVE-2024-57369 was published Jan 17, 2025

NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset...
Moderate, Unreviewed. CVE-2024-6466 was published Jan 21, 2025

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This...
Moderate, Unreviewed. CVE-2025-1019 was published Feb 4, 2025

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By...
Moderate, Unreviewed. CVE-2024-49796 was published Feb 6, 2025

SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against...
Moderate, Unreviewed. CVE-2025-24874 was published Feb 11, 2025

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35...
Moderate, Unreviewed. CVE-2025-1917 was published Mar 5, 2025

Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35...
Moderate, Unreviewed. CVE-2025-1923 was published Mar 5, 2025

Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series,...
Moderate, Unreviewed. CVE-2025-24310 was published Apr 4, 2025

tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Moderate. CVE-2025-31138 was published for tarteaucitronjs (npm) Apr 7, 2025

Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac...
Moderate, Unreviewed. CVE-2025-25213 was published Apr 9, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9...
Moderate, Unreviewed. CVE-2025-0362 was published Apr 10, 2025

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card...
Moderate, Unreviewed. CVE-2025-5267 was published May 27, 2025

@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
Moderate. CVE-2025-49139 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution...
Moderate, Unreviewed. CVE-2025-49191 was published Jun 12, 2025

The web application is vulnerable to clickjacking attacks. The site can be embedded into another...
Moderate, Unreviewed. CVE-2025-49192 was published Jun 12, 2025

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49...
Moderate, Unreviewed. CVE-2025-6557 was published Jun 24, 2025

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP,...
Moderate, Unreviewed. CVE-2025-6434 was published Jun 26, 2025

ProTip! Advisories are also available from the GraphQL API.