GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
290 advisories
IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking...
Moderate
Unreviewed
CVE-2025-36149
was published
Nov 21, 2025
This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen...
High
Unreviewed
CVE-2025-13132
was published
Nov 21, 2025
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software...
Moderate
Unreviewed
CVE-2025-0421
was published
Nov 19, 2025
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack,...
Moderate
Unreviewed
CVE-2025-64387
was published
Oct 31, 2025
Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to...
Moderate
Unreviewed
CVE-2025-30191
was published
Oct 31, 2025
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An...
Moderate
Unreviewed
CVE-2024-30109
was published
Oct 30, 2025
Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.
Moderate
Unreviewed
CVE-2025-28129
was published
Oct 6, 2025
HCL MyXalytics 6.6. product is affected by Use of Vulnerable/Outdated Versions Vulnerability
Low
Unreviewed
CVE-2025-52658
was published
Oct 3, 2025
In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay...
High
Unreviewed
CVE-2025-32349
was published
Sep 4, 2025
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the...
High
Unreviewed
CVE-2025-32350
was published
Sep 4, 2025
Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows...
Moderate
Unreviewed
CVE-2024-13066
was published
Sep 3, 2025
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack...
Low
Unreviewed
CVE-2025-41000
was published
Sep 3, 2025
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the...
Moderate
Unreviewed
CVE-2025-1494
was published
Aug 26, 2025
Affected is an unknown function of the component Login Page. The manipulation leads to improper...
Moderate
Unreviewed
CVE-2025-9108
was published
Aug 18, 2025
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper...
Moderate
Unreviewed
CVE-2025-54527
was published
Jul 28, 2025
HAX CMS application pages vulnerable to clickjacking
Moderate
CVE-2025-54139
was published
for
@haxtheweb/haxcms-nodejs
(Composer)
Jul 21, 2025
A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected...
Moderate
Unreviewed
CVE-2025-7903
was published
Jul 20, 2025
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to...
Moderate
Unreviewed
CVE-2025-6983
was published
Jul 16, 2025
The web application is vulnerable to clickjacking attacks. The site can be embedded into another...
Moderate
Unreviewed
CVE-2025-27455
was published
Jul 3, 2025
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking...
Moderate
Unreviewed
CVE-2025-36027
was published
Jun 28, 2025
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP,...
Moderate
Unreviewed
CVE-2025-6434
was published
Jun 26, 2025
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49...
Moderate
Unreviewed
CVE-2025-6557
was published
Jun 24, 2025
The web application is vulnerable to clickjacking attacks. The site can be embedded into another...
Moderate
Unreviewed
CVE-2025-49192
was published
Jun 12, 2025
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution...
Moderate
Unreviewed
CVE-2025-49191
was published
Jun 12, 2025
@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
Moderate
CVE-2025-49139
was published
for
@haxtheweb/haxcms-nodejs
(npm)
Jun 9, 2025