Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,783
NuGet
683
pip
3,463
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

232 advisories

Loading
SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against... Moderate Unreviewed
CVE-2025-24874 was published Feb 11, 2025
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the... High Unreviewed
CVE-2025-1018 was published Feb 4, 2025
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This... Moderate Unreviewed
CVE-2025-1019 was published Feb 4, 2025
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking... High Unreviewed
CVE-2024-43765 was published Jan 22, 2025
NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset... Moderate Unreviewed
CVE-2024-6466 was published Jan 21, 2025
Clickjacking vulnerability in typecho v1.2.1. Moderate Unreviewed
CVE-2024-57369 was published Jan 17, 2025
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking... Moderate Unreviewed
CVE-2021-29827 was published Dec 19, 2024
Under certain circumstances, navigating to a webpage would result in the address missing from the... Moderate Unreviewed
CVE-2024-53976 was published Nov 26, 2024
Malicious websites may have been able to user intent confirmation through tapjacking. This could... High Unreviewed
CVE-2024-11700 was published Nov 26, 2024
A crafted URL containing Arabic script and whitespace characters could have hidden the true... Moderate Unreviewed
CVE-2024-11695 was published Nov 26, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7... Moderate Unreviewed
CVE-2024-7404 was published Nov 14, 2024
Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login... Moderate Unreviewed
CVE-2024-10454 was published Oct 31, 2024
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an... Critical Unreviewed
CVE-2024-10004 was published Oct 16, 2024
A missing delay in directory upload UI could have made it possible for an attacker to trick a... Moderate Unreviewed
CVE-2024-9397 was published Oct 1, 2024
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the... Moderate Unreviewed
CVE-2024-8388 was published Sep 3, 2024
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due... High Unreviewed
CVE-2024-34743 was published Aug 16, 2024
A select option could partially obscure security prompts. This could be used by a malicious site... High Unreviewed
CVE-2024-7523 was published Aug 6, 2024
Select options could obscure the fullscreen notification dialog. This could be used by a... Moderate Unreviewed
CVE-2024-7518 was published Aug 6, 2024
The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6,... Moderate Unreviewed
CVE-2024-40817 was published Jul 30, 2024
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a... Moderate Unreviewed
CVE-2023-7013 was published Jul 17, 2024
In onCreate of multiple files, there is a possible way to trick the user into granting health... High Unreviewed
CVE-2024-31323 was published Jul 9, 2024
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by... High Unreviewed
CVE-2024-31324 was published Jul 9, 2024
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3... Moderate Unreviewed
CVE-2024-2177 was published Jul 9, 2024
IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly... Moderate Unreviewed
CVE-2023-42011 was published Jun 27, 2024
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the... High Unreviewed
CVE-2024-33377 was published Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database