Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
765
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,149 advisories

Loading
Liferay Portal Vulnerable to IDOR via audit events Moderate
CVE-2025-43827 was published for com.liferay:com.liferay.portal.security.audit.storage.service (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the web content template Moderate
CVE-2025-43812 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the Calendar widget Moderate
CVE-2025-43818 was published for com.liferay:com.liferay.calendar.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet Moderate
CVE-2025-43813 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the Calendar widget Moderate
CVE-2025-43820 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter Moderate
CVE-2025-43817 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page Moderate
CVE-2025-43815 was published for com.liferay:com.liferay.product.navigation.control.menu.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the related asset selector Moderate
CVE-2025-43811 was published for com.liferay:com.liferay.item.selector.web (Maven) Sep 30, 2025
MinIO Java Client XML Tag Value Substitution Vulnerability High
CVE-2025-59952 was published for io.minio:minio (Maven) Sep 29, 2025
Tanguy-Boisset pyguerder
Credited to Tanguy-Boisset and pyguerder
WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled Low
CVE-2025-1396 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.input.validation.mgt (Maven) Sep 26, 2025
Hutool allows remote code execution (RCE) via the QLExpressEngine class High
CVE-2025-56769 was published for cn.hutool:hutool-extra (Maven) Sep 26, 2025
Liferay Portal and DXP vulnerable to a memory leak Moderate
CVE-2025-43816 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Sep 25, 2025
Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands Moderate
CVE-2025-58457 was published for org.apache.zookeeper:zookeeper (Maven) Sep 24, 2025
cai0duque
Credited to cai0duque
Apache IoTDB: DoS Vulnerability Moderate
CVE-2025-48392 was published for org.apache.iotdb:iotdb-core (Maven) Sep 24, 2025
Apache IoTDB: Deserialization of untrusted Data Critical
CVE-2025-48459 was published for org.apache.iotdb:iotdb-confignode (Maven) Sep 24, 2025
cai0duque
Credited to cai0duque
Liferay Portal and DXP does not properly expire sessions Moderate
CVE-2025-43819 was published for com.liferay:com.liferay.saml.impl (Maven) Sep 24, 2025
cai0duque
Credited to cai0duque
WSO2 Identity Server Apps allows content spoofing in logs Moderate
CVE-2024-6429 was published for org.wso2.identity.apps:authentication-portal (Maven) Sep 23, 2025
cai0duque
Credited to cai0duque
Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section Moderate
CVE-2025-59822 was published for org.http4s:http4s-ember-core_2.12 (Maven) Sep 23, 2025
sebastianosrt samspills
rossabaker
Credited to sebastianosrt, samspills, and rossabaker
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-4760 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api (Maven) Sep 23, 2025
cai0duque
Credited to cai0duque
Liferay Portal and DXP does not properly check permission with import and export tasks Moderate
CVE-2025-43806 was published for com.liferay:com.liferay.batch.engine.service (Maven) Sep 23, 2025
Liferay Portal and DXP audit events record password reminder answers Moderate
CVE-2025-43814 was published for com.liferay:com.liferay.portal.security.audit.event.generators.user.management (Maven) Sep 23, 2025
Liferay Portal and DXP allows users to add a note to a different virtual instance Moderate
CVE-2025-43810 was published for com.liferay.commerce:com.liferay.commerce.service (Maven) Sep 23, 2025
Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field Moderate
CVE-2025-43807 was published for com.liferay:com.liferay.change.tracking.service (Maven) Sep 22, 2025
H2O affected by a deserialization vulnerability Critical
CVE-2025-6544 was published for ai.h2o:h2o-core (Maven) Sep 22, 2025
Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource Moderate
CVE-2025-43808 was published for com.liferay.commerce:com.liferay.commerce.product.type.virtual.service (Maven) Sep 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database