GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,972
Composer 4,285
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,238
npm 3,741
NuGet 668
pip 3,422
Pub 12
RubyGems 892
Rust 875
Swift 36

Unreviewed advisories

All unreviewed 239,113

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

222 advisories

Filter by severity

Sort by

Least recently updated

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4... Moderate Unreviewed

CVE-2023-3140 was published Jun 7, 2023

Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior... Moderate Unreviewed

CVE-2023-1362 was published Mar 13, 2023

The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16,... Moderate Unreviewed

CVE-2022-32891 was published Feb 27, 2023

Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric... Moderate Unreviewed

CVE-2022-40268 was published Feb 2, 2023

Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and... Moderate Unreviewed

CVE-2023-23126 was published Feb 1, 2023

Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An... Moderate Unreviewed

CVE-2022-45096 was published Feb 1, 2023

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a... Moderate Unreviewed

CVE-2022-20215 was published Jan 26, 2023

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking... Moderate Unreviewed

CVE-2022-20214 was published Jan 26, 2023

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to... High Unreviewed

CVE-2023-20913 was published Jan 26, 2023

Due to a layout change, iframe contents could have been rendered outside of its border. This... Moderate Unreviewed

CVE-2022-28286 was published Dec 22, 2022

An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user... Moderate Unreviewed

CVE-2022-29911 was published Dec 22, 2022

When receiving an HTML email that specified to load an <code>iframe</code> element from a remote... Moderate Unreviewed

CVE-2022-3034 was published Dec 22, 2022

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led... Moderate Unreviewed

CVE-2022-45417 was published Dec 22, 2022

Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered... Moderate Unreviewed

CVE-2022-45420 was published Dec 22, 2022

If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have... Moderate Unreviewed

CVE-2022-45418 was published Dec 22, 2022

In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check... Moderate Unreviewed

CVE-2022-20553 was published Dec 21, 2022

In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to... High Unreviewed

CVE-2022-20520 was published Dec 20, 2022

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input... Moderate Unreviewed

CVE-2022-46695 was published Dec 15, 2022

In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due... High Unreviewed

CVE-2022-20444 was published Dec 13, 2022

In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user... High Unreviewed

CVE-2022-20501 was published Dec 13, 2022

In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a... High Unreviewed

CVE-2022-20442 was published Dec 13, 2022

In the user interface buttons of PermissionController, there is a possible way to bypass... High Unreviewed

CVE-2021-39617 was published Dec 13, 2022

AeroCMS v0.0.1 is vulnerable to ClickJacking. Moderate Unreviewed

CVE-2022-46061 was published Dec 13, 2022

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By... Moderate Unreviewed

CVE-2022-34318 was published Dec 12, 2022

The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking... Moderate Unreviewed

CVE-2022-3260 was published Dec 8, 2022

Previous 1 2 3 4 5 … 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

222 advisories