Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

811 advisories

Loading
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module Critical
CVE-2022-42120 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF Critical
CVE-2025-54988 was published for org.apache.tika:tika-parser-pdf-module (Maven) Aug 20, 2025
Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components Critical
CVE-2023-44309 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page Critical
CVE-2023-42629 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page Critical
CVE-2023-42497 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal Allows RCE via Deserialization of a JSON Payload Critical
CVE-2019-16891 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT Critical
CVE-2025-24813 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 10, 2025
westonsteimel xuanzern
Credited to westonsteimel and xuanzern
Apache Tomcat - Authentication Bypass Critical
CVE-2024-52316 was published for org.apache.tomcat:tomcat-catalina (Maven) Nov 18, 2024
Remote code injection in Log4j Critical
GHSA-94g7-hpv8-h9qm was published for com.splunk.logging:splunk-library-javalogging (Maven) Dec 14, 2021
natstatenet
Credited to natstatenet
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console Critical
CVE-2024-8980 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module Critical
CVE-2023-42627 was published for com.liferay.commerce:com.liferay.commerce.address.content.web (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget Critical
CVE-2023-42628 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter Critical
CVE-2025-32429 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jul 24, 2025
Jeecg-boot vulnerable to SQL Injection Critical
CVE-2022-45206 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Credited to achibear
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString Critical
CVE-2022-45207 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Credited to achibear
PowerJob vulnerable to incorrect access control Critical
CVE-2023-29924 was published for tech.powerjob:powerjob (Maven) Apr 21, 2023
achibear
Credited to achibear
Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2015-3208 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022 withdrawn
dsten56
Credited to dsten56
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
chximn-dt
Credited to chximn-dt
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Critical
CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) Jun 24, 2024
oscerd
Credited to oscerd
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu Critical
CVE-2023-44310 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class Critical
CVE-2023-44311 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
Credited to renniepak
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax Critical
CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025
Apache Ignite: Possible RCE when deserializing incoming messages by the server node Critical
CVE-2024-52577 was published for org.apache.ignite:ignite-core (Maven) Feb 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database