GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
276 advisories
Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows...
Moderate
Unreviewed
CVE-2024-13066 was published Sep 3, 2025
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack...
Low
Unreviewed
CVE-2025-41000 was published Sep 3, 2025
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the...
Moderate
Unreviewed
CVE-2025-1494 was published Aug 26, 2025
Affected is an unknown function of the component Login Page. The manipulation leads to improper...
Moderate
Unreviewed
CVE-2025-9108 was published Aug 18, 2025
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper...
Moderate
Unreviewed
CVE-2025-54527 was published Jul 28, 2025
HAX CMS application pages vulnerable to clickjacking
Moderate
CVE-2025-54139 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 21, 2025
A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected...
Moderate
Unreviewed
CVE-2025-7903 was published Jul 20, 2025
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to...
Moderate
Unreviewed
CVE-2025-6983 was published Jul 16, 2025
The web application is vulnerable to clickjacking attacks. The site can be embedded into another...
Moderate
Unreviewed
CVE-2025-27455 was published Jul 3, 2025
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking...
Moderate
Unreviewed
CVE-2025-36027 was published Jun 28, 2025
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP,...
Moderate
Unreviewed
CVE-2025-6434 was published Jun 26, 2025
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49...
Moderate
Unreviewed
CVE-2025-6557 was published Jun 24, 2025
The web application is vulnerable to clickjacking attacks. The site can be embedded into another...
Moderate
Unreviewed
CVE-2025-49192 was published Jun 12, 2025
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution...
Moderate
Unreviewed
CVE-2025-49191 was published Jun 12, 2025
@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
Moderate
CVE-2025-49139 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card...
Moderate
Unreviewed
CVE-2025-5267 was published May 27, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9...
Moderate
Unreviewed
CVE-2025-0362 was published Apr 10, 2025
Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac...
Moderate
Unreviewed
CVE-2025-25213 was published Apr 9, 2025
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Moderate
CVE-2025-31138 was published for tarteaucitronjs (npm) Apr 7, 2025
Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series,...
Moderate
Unreviewed
CVE-2025-24310 was published Apr 4, 2025
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35...
Moderate
Unreviewed
CVE-2025-1923 was published Mar 5, 2025
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35...
Moderate
Unreviewed
CVE-2025-1917 was published Mar 5, 2025
A select option could partially obscure the confirmation prompt shown before launching external...
High
Unreviewed
CVE-2025-1940 was published Mar 4, 2025
SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against...
Moderate
Unreviewed
CVE-2025-24874 was published Feb 11, 2025
IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By...
Moderate
Unreviewed
CVE-2024-49796 was published Feb 6, 2025
ProTip! Advisories are also available from the GraphQL API