GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,033 advisories

Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields Moderate
CVE-2025-43771 was published for com.liferay:com.liferay.flags.web (Maven) Oct 8, 2025
Liferay Portal Commerce Shop is vulnerable to Stored XSS through SVG file Moderate
CVE-2025-43829 was published for com.liferay.commerce:com.liferay.commerce.shop.by.diagram.web (Maven) Oct 8, 2025
Liferay Portal is vulnerable to XSS through its Commerce Product's Name text field Moderate
CVE-2025-43821 was published for com.liferay.commerce:com.liferay.commerce.product.service (Maven) Oct 8, 2025
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page Moderate
CVE-2025-43822 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Portal is vulnerable to XSS through its Commerce Search Result widget Moderate
CVE-2025-43823 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Profile Widget does not prevent vCard extension spoofing Moderate
CVE-2025-43824 was published for com.liferay.portal:release.portal.bom (Maven) Oct 7, 2025
XWiki Platform is vulnerable to HQL injection via wiki and space search REST API Critical
CVE-2025-52472 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Oct 6, 2025
XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view Critical
CVE-2025-49594 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Oct 6, 2025
Liferay Portal exposes sensitive user data through its Freemarker template Moderate
CVE-2025-43825 was published for com.liferay:com.liferay.portal.template.freemarker (Maven) Oct 4, 2025
Apache Kylin Files or Directories Accessible to External Parties High
CVE-2025-61734 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability High
CVE-2025-61735 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Apache Kylin Authentication Bypass Vulnerability High
CVE-2025-61733 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Liferay Portal Vulnerable to XSS in Web Content translation Moderate
CVE-2025-43826 was published for com.liferay.portal:release.portal.bom (Maven) Oct 1, 2025
Liferay Portal Vulnerable to IDOR via audit events Moderate
CVE-2025-43827 was published for com.liferay:com.liferay.portal.security.audit.storage.service (Maven) Sep 30, 2025
Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page Moderate
CVE-2025-43815 was published for com.liferay:com.liferay.product.navigation.control.menu.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet Moderate
CVE-2025-43813 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the related asset selector Moderate
CVE-2025-43811 was published for com.liferay:com.liferay.item.selector.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the web content template Moderate
CVE-2025-43812 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the Calendar widget Moderate
CVE-2025-43818 was published for com.liferay:com.liferay.calendar.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter Moderate
CVE-2025-43817 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the Calendar widget Moderate
CVE-2025-43820 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
MinIO Java Client XML Tag Value Substitution Vulnerability High
CVE-2025-59952 was published for io.minio:minio (Maven) Sep 29, 2025
Credited to Tanguy-Boisset and pyguerder
WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled Low
CVE-2025-1396 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.input.validation.mgt (Maven) Sep 26, 2025
Hutool allows remote code execution (RCE) via the QLExpressEngine class High
CVE-2025-56769 was published for cn.hutool:hutool-extra (Maven) Sep 26, 2025
Liferay Portal and DXP vulnerable to a memory leak Moderate
CVE-2025-43816 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Sep 25, 2025