Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

675 advisories

Loading
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format Moderate
CVE-2025-21621 was published for org.geoserver.web:gs-web-app (Maven) Nov 25, 2025
sikeoka
Credited to sikeoka
Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page Moderate
CVE-2025-62267 was published for com.liferay:com.liferay.dynamic.data.mapping.item.selector.web (Maven) Oct 31, 2025
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter Moderate
CVE-2025-62264 was published for com.liferay.portal:release.portal.bom (Maven) Oct 31, 2025
Liferay Portal is vulnerable to XSS in the Blogs widget Moderate
CVE-2025-62265 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Moderate
CVE-2025-62263 was published for com.liferay:com.liferay.account.admin.web (Maven) Oct 27, 2025
MCMS reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2025-60837 was published for net.mingsoft:ms-mcms (Maven) Oct 23, 2025
Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS) Moderate
CVE-2025-62248 was published for com.liferay:com.liferay.dynamic.data.mapping.web (Maven) Oct 22, 2025
Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget Moderate
CVE-2025-62249 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 21, 2025
Keycloak error_description injection on error pages that can trigger phishing attacks Moderate
CVE-2025-10044 was published for org.keycloak:keycloak-account-ui (Maven) Oct 17, 2025
Apache Geode web-api is vulnerable to Cross-site Scripting Moderate
CVE-2024-44088 was published for org.apache.geode:geode-web-api (Maven) Oct 14, 2025
Liferay Mentions Web is Vulnerable to Cross-site Scripting Moderate
CVE-2025-62246 was published for com.liferay:com.liferay.mentions.web (Maven) Oct 13, 2025
Liferay Portal is vulnerable to XSS through its workflow process builder Moderate
CVE-2025-62239 was published for com.liferay:com.liferay.portal.workflow.kaleo.designer.web (Maven) Oct 10, 2025
Liferay Portal's Membership page is vulnerable to XSS through “name“ text field Moderate
CVE-2025-62238 was published for com.liferay:com.liferay.account.admin.web (Maven) Oct 10, 2025
Liferay Portal Commerce is vulnerable to XSS through account "name" field Moderate
CVE-2025-62237 was published for com.liferay.commerce:com.liferay.commerce.order.web (Maven) Oct 10, 2025
Liferay Portal is vulnerable to XSS through its Calendar Events parameters Moderate
CVE-2025-62240 was published for com.liferay:com.liferay.calendar.web (Maven) Oct 9, 2025
Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting Moderate
CVE-2025-61788 was published for org.opencastproject:opencast-common (Maven) Oct 8, 2025
miesgre
Credited to miesgre
Liferay Portal is vulnerable to Stored XSS through Forms text type field Moderate
CVE-2025-43830 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields Moderate
CVE-2025-43771 was published for com.liferay:com.liferay.flags.web (Maven) Oct 8, 2025
Liferay Portal Commerce Shop is vulnerable to Stored XSS through SVG file Moderate
CVE-2025-43829 was published for com.liferay.commerce:com.liferay.commerce.shop.by.diagram.web (Maven) Oct 8, 2025
Liferay Portal is vulnerable to XXS through its Commerce Product's Name text field Moderate
CVE-2025-43821 was published for com.liferay.commerce:com.liferay.commerce.product.service (Maven) Oct 8, 2025
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page Moderate
CVE-2025-43822 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Portal is vulnerable to XSS through its Commerce Search Result widget Moderate
CVE-2025-43823 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Profile Widget does not prevent vCard extension spoofing Moderate
CVE-2025-43824 was published for com.liferay.portal:release.portal.bom (Maven) Oct 7, 2025
Liferay Portal Vulnerable to XSS in Web Content translation Moderate
CVE-2025-43826 was published for com.liferay.portal:release.portal.bom (Maven) Oct 1, 2025
Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page Moderate
CVE-2025-43815 was published for com.liferay:com.liferay.product.navigation.control.menu.web (Maven) Sep 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database