GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
342 advisories
Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution
Low • CVE-2025-43789 was published for com.liferay:com.liferay.comment.web (Maven) • Sep 12, 2025

Liferay Portal has External Control of System or Configuration Settings
Low • CVE-2025-43792 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) • Sep 15, 2025

Liferay DXP Missing Critical Step in Authentication
Low • CVE-2025-43798 was published for com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web (Maven) • Sep 15, 2025

WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled
Low • CVE-2025-1396 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.input.validation.mgt (Maven) • Sep 26, 2025

Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names
Low • CVE-2025-11966 was published for io.vertx:vertx-web (Maven) • Oct 22, 2025

Liferay Portal and DXP are Missing Authorization in Collection Provider
Low • CVE-2025-62247 was published for com.liferay:com.liferay.search.experiences.service (Maven) • Oct 22, 2025

Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page
Low • CVE-2025-62255 was published for com.liferay:com.liferay.knowledge.base.web (Maven) • Oct 23, 2025

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
Low • CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) • Oct 27, 2025

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
Low • CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) • Oct 27, 2025

Duplicate Advisory: Keycloak allows access to admin path through flaw
Low • GHSA-c6cm-5gc7-c3f4 was published for org.keycloak:keycloak-quarkus-server (Maven) • Oct 28, 2025 • withdrawn

Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH
Low • GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven) • Nov 4, 2025

Resty has a Path Traversal vulnerability
Low • CVE-2025-13435 was published for cn.dreampie:resty (Maven) • Nov 20, 2025

Mustangproject allows exfiltrating files via XXE attacks
Low • CVE-2025-66372 was published for org.mustangproject:library (Maven) • Nov 28, 2025

NutzBoot vulnerable to deserialization
Low • CVE-2025-13805 was published for org.nutz:nutzboot-parent (Maven) • Dec 1, 2025

NutzBoot vulnerable to information disclosure
Low • CVE-2025-13804 was published for org.nutz:nutzboot-parent (Maven) • Dec 1, 2025

Keycloak unable to restrict access to the admin console
Low • CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) • Dec 2, 2025

Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
Low • CVE-2025-66453 was published for org.mozilla:rhino (Maven) • Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API.