Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,447
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking... High Unreviewed
CVE-2024-43765 was published Jan 22, 2025
nbgrader's `frame-ancestors: self` grants all users access to formgrader High
CVE-2025-23205 was published for nbgrader (pip) Jan 17, 2025
Malicious websites may have been able to user intent confirmation through tapjacking. This could... High Unreviewed
CVE-2024-11700 was published Nov 26, 2024
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due... High Unreviewed
CVE-2024-34743 was published Aug 16, 2024
A select option could partially obscure security prompts. This could be used by a malicious site... High Unreviewed
CVE-2024-7523 was published Aug 6, 2024
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by... High Unreviewed
CVE-2024-31324 was published Jul 9, 2024
In onCreate of multiple files, there is a possible way to trick the user into granting health... High Unreviewed
CVE-2024-31323 was published Jul 9, 2024
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the... High Unreviewed
CVE-2024-33377 was published Jun 14, 2024
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to... High Unreviewed
CVE-2024-2613 was published Mar 19, 2024
Cross-Frame Scripting vulnerability has been found on Plone CMS High
CVE-2024-0669 was published for Plone (pip) Jan 18, 2024
In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to... High Unreviewed
CVE-2022-20443 was published Jun 28, 2023
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to... High Unreviewed
CVE-2023-20913 was published Jan 26, 2023
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to... High Unreviewed
CVE-2022-20520 was published Dec 20, 2022
In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due... High Unreviewed
CVE-2022-20444 was published Dec 13, 2022
In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user... High Unreviewed
CVE-2022-20501 was published Dec 13, 2022
In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a... High Unreviewed
CVE-2022-20442 was published Dec 13, 2022
In the user interface buttons of PermissionController, there is a possible way to bypass... High Unreviewed
CVE-2021-39617 was published Dec 13, 2022
In the Framework, there is a possible way to enable a work profile without user consent due to a... High Unreviewed
CVE-2022-20331 was published Aug 13, 2022
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a... High Unreviewed
CVE-2022-20212 was published Jul 14, 2022
In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when... High Unreviewed
CVE-2021-39691 was published Jun 16, 2022
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an... High Unreviewed
CVE-2021-0586 was published May 24, 2022
In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency... High Unreviewed
CVE-2021-0538 was published May 24, 2022
In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0... High Unreviewed
CVE-2021-0537 was published May 24, 2022
In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due... High Unreviewed
CVE-2021-0506 was published May 24, 2022
In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning... High Unreviewed
CVE-2021-0523 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database