Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

164 advisories

Loading
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native... Moderate Unreviewed
CVE-2021-43546 was published Dec 9, 2021
Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with... Moderate Unreviewed
CVE-2021-38509 was published Dec 9, 2021
By displaying a form validity message in the correct location at the same time as a permission... Moderate Unreviewed
CVE-2021-38508 was published Dec 9, 2021
Through a series of navigations, Firefox could have entered fullscreen mode without notification... Moderate Unreviewed
CVE-2021-38506 was published Dec 9, 2021
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When... Moderate Unreviewed
CVE-2021-40834 was published Dec 11, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the... Moderate Unreviewed
CVE-2021-39054 was published Dec 14, 2021
In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking... Moderate Unreviewed
CVE-2021-1038 was published Dec 16, 2021
In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses... Moderate Unreviewed
CVE-2021-1006 was published Dec 16, 2021
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote... Moderate Unreviewed
CVE-2022-22552 was published Jan 22, 2022
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could... Moderate Unreviewed
CVE-2021-22819 was published Jan 29, 2022
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3... Moderate Unreviewed
CVE-2021-39038 was published Feb 25, 2022
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI... Moderate Unreviewed
CVE-2021-41657 was published Mar 11, 2022
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to... Moderate Unreviewed
CVE-2021-3660 was published Mar 11, 2022
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management ... Moderate Unreviewed
CVE-2021-27414 was published Mar 12, 2022
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party... Moderate Unreviewed
CVE-2022-28649 was published Apr 6, 2022
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code... Moderate Unreviewed
CVE-2005-2407 was published May 1, 2022
Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of... Moderate Unreviewed
CVE-2008-2716 was published May 1, 2022
This vulnerability allows users to execute a clickjacking attack in the meeting's chat. Moderate Unreviewed
CVE-2021-27773 was published May 13, 2022
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content... Moderate Unreviewed
CVE-2011-1244 was published May 13, 2022
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to... Moderate Unreviewed
CVE-2018-1853 was published May 13, 2022
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same... Moderate Unreviewed
CVE-2014-1483 was published May 13, 2022
A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote... Moderate Unreviewed
CVE-2018-15423 was published May 13, 2022
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an... Moderate Unreviewed
CVE-2018-0355 was published May 13, 2022
Improper countermeasure against clickjacking attack in client certificates management screen was... Moderate Unreviewed
CVE-2018-16172 was published May 13, 2022
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow... Moderate Unreviewed
CVE-2018-1803 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database