
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,141 advisories

Liferay Portal's selection modal is vulnerable to XSS Moderate
CVE-2025-43787 was published for com.liferay:com.liferay.users.admin.web (Maven) Sep 12, 2025
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin Moderate
CVE-2025-9910 was published for jsondiffpatch (npm) Sep 11, 2025
Credited to cai0duque
Liferay Portal is vulnerable to Reflected XSS attack through get_editor path Moderate
CVE-2025-43783 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Sep 10, 2025
Indico vulnerable to Cross-Site Scripting via LaTeX math code Moderate
CVE-2025-59035 was published for indico (pip) Sep 10, 2025
Credited to ThiefMaster
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-43785 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 10, 2025
Decap CMS Cross Site Scripting (XSS) vulnerability Moderate
CVE-2025-57520 was published for decap-cms (npm) Sep 10, 2025
Credited to cai0duque
Liferay Portal is vulnerable to XSS attacks via its remote app title field Moderate
CVE-2025-43775 was published for com.liferay:com.liferay.client.extension.web (Maven) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through its search bar portlet Moderate
CVE-2025-43781 was published for com.liferay:com.liferay.portal.search.web (Maven) Sep 9, 2025
YesWiki Cross Site Scripting vulnerability Moderate
CVE-2025-52277 was published for yeswiki/yeswiki (Composer) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin Moderate
CVE-2025-43778 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 9, 2025
sanitize-html is vulnerable to XSS through incomprehensive sanitization Moderate
CVE-2019-25225 was published for sanitize-html (npm) Sep 8, 2025
Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks Moderate
GHSA-xmcw-mv9p-7pq2 was published for org.keycloak:keycloak-account-ui (Maven) Sep 5, 2025 withdrawn
Credited to julianladisch
Memos Vulnerable to Stored Cross-Site Scripting Moderate
CVE-2025-56761 was published for github.com/usememos/memos (Go) Sep 4, 2025
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add Moderate
CVE-2025-9823 was published for mautic/core (Composer) Sep 3, 2025
Credited to nmmorette, kuzmany, and patrykgruszka
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-56236 was published for FormCMS (NuGet) Aug 28, 2025
Liferay Portal stored cross-site scripting in text field of the web content structure Moderate
CVE-2025-43765 was published for com.liferay:com.liferay.journal.service (Maven) Aug 23, 2025
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter Moderate
CVE-2025-43770 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Aug 23, 2025
Liferay Portal vulnerable to Stored XSS in Components portlet Moderate
CVE-2025-43769 was published for com.liferay:com.liferay.plugins.admin.web (Maven) Aug 23, 2025
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint Moderate
CVE-2025-43761 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect Moderate
CVE-2025-43760 was published for com.liferay.portal:release.portal.bom (Maven) Aug 22, 2025
Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter Moderate
CVE-2025-43755 was published for com.liferay:com.liferay.layout.admin.web (Maven) Aug 21, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter Moderate
CVE-2025-43756 was published for com.liferay.portal:release.portal.bom (Maven) Aug 21, 2025
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality Moderate
CVE-2025-55742 was published for unopim/unopim (Composer) Aug 21, 2025
Credited to sn1p3rt3s7
Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping Moderate
CVE-2025-43746 was published for ccom.liferay:com.liferay.dynamic.data.mapping.web (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter Moderate
CVE-2025-43757 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025