GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
309 advisories
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content...
Low
Unreviewed
CVE-2025-62328
was published
Mar 12, 2026
OpenClaw has Canvas route hardening for mixed-trust deployments
Moderate
GHSA-cjv3-m589-v3rx
was published
for
openclaw
(npm)
Mar 3, 2026
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a...
High
Unreviewed
CVE-2026-0007
was published
Mar 2, 2026
The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks,...
Moderate
Unreviewed
CVE-2025-58405
was published
Mar 2, 2026
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking...
Moderate
Unreviewed
CVE-2026-27511
was published
Feb 23, 2026
XWiki vulnerable to click-jacking through CSS injection in comments
Moderate
CVE-2026-26000
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Feb 12, 2026
An inconsistent user interface issue was addressed with improved state management. This issue is...
Moderate
Unreviewed
CVE-2026-20645
was published
Feb 12, 2026
Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could...
High
Unreviewed
CVE-2025-15032
was published
Jan 16, 2026
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation ...
Moderate
Unreviewed
CVE-2025-52987
was published
Jan 15, 2026
An attacker may exploit missing protection against clickjacking by tricking users into performing...
Moderate
Unreviewed
CVE-2026-22918
was published
Jan 15, 2026
PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to...
Moderate
Unreviewed
CVE-2025-65922
was published
Jan 5, 2026
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
Low
GHSA-24v3-254g-jv85
was published
for
@tutao/tutanota-utils
(npm)
Dec 19, 2025
ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address...
High
Unreviewed
CVE-2025-14809
was published
Dec 19, 2025
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar...
High
Unreviewed
CVE-2025-14812
was published
Dec 19, 2025
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI...
Moderate
Unreviewed
CVE-2025-59479
was published
Dec 16, 2025
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110...
Moderate
Unreviewed
CVE-2025-14373
was published
Dec 12, 2025
In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an...
High
Unreviewed
CVE-2025-48639
was published
Dec 8, 2025
In multiple locations, there is a possible way to trick a user into accepting a permission due to...
High
Unreviewed
CVE-2025-48597
was published
Dec 8, 2025
FeehiCMS is vulnerable to reverse tabnabbing
Moderate
CVE-2025-63522
was published
for
feehi/feehicms
(Composer)
Dec 1, 2025
IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking...
Moderate
Unreviewed
CVE-2025-36149
was published
Nov 21, 2025
This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen...
High
Unreviewed
CVE-2025-13132
was published
Nov 21, 2025
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software...
Moderate
Unreviewed
CVE-2025-0421
was published
Nov 19, 2025
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack,...
Moderate
Unreviewed
CVE-2025-64387
was published
Oct 31, 2025
Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to...
Moderate
Unreviewed
CVE-2025-30191
was published
Oct 31, 2025
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An...
Moderate
Unreviewed
CVE-2024-30109
was published
Oct 30, 2025