Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,934 advisories

Loading
Liferay Portal is vulnerable to XSS through its workflow process builder Moderate
CVE-2025-62239 was published for com.liferay:com.liferay.portal.workflow.kaleo.designer.web (Maven) Oct 10, 2025
Liferay Portal's Membership page is vulnerable to XSS through “name“ text field Moderate
CVE-2025-62238 was published for com.liferay:com.liferay.account.admin.web (Maven) Oct 10, 2025
Liferay Portal Commerce is vulnerable to XSS through account "name" field Moderate
CVE-2025-62237 was published for com.liferay.commerce:com.liferay.commerce.order.web (Maven) Oct 10, 2025
Elasticsearch: Insertion of Sensitive Information into Log File via reindex API Moderate
CVE-2025-37727 was published for org.elasticsearch:elasticsearch (Maven) Oct 10, 2025
Liferay Portal is vulnerable to XSS through its Calendar Events parameters Moderate
CVE-2025-62240 was published for com.liferay:com.liferay.calendar.web (Maven) Oct 9, 2025
Keycloak Potential Variable Reference in Model Storage Services Moderate
CVE-2025-9162 was published for org.keycloak:keycloak-model-storage-services (Maven) Oct 8, 2025
Ankush-Pathak
Credited to Ankush-Pathak
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
alexeyNeklesa-idt metametadata
eoftedal
Credited to alexeyNeklesa-idt, metametadata, and eoftedal
Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers Moderate
CVE-2025-62228 was published for org.apache.flink:flink-cdc-pipeline-connectors (Maven) Oct 9, 2025
Liferay Portal is vulnerable to XXS through its Commerce Product's Name text field Moderate
CVE-2025-43821 was published for com.liferay.commerce:com.liferay.commerce.product.service (Maven) Oct 8, 2025
Liferay Portal is vulnerable to Stored XSS through Forms text type field Moderate
CVE-2025-43830 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Portal Commerce Shop is vulnerable to Stored XSS through SVG file Moderate
CVE-2025-43829 was published for com.liferay.commerce:com.liferay.commerce.shop.by.diagram.web (Maven) Oct 8, 2025
Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields Moderate
CVE-2025-43771 was published for com.liferay:com.liferay.flags.web (Maven) Oct 8, 2025
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page Moderate
CVE-2025-43822 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Portal is vulnerable to XSS through its Commerce Search Result widget Moderate
CVE-2025-43823 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Duplicate Advisory: Keycloak Potential Variable Reference in Model Storage Services Moderate
GHSA-w2wj-hw98-233h was published for org.keycloak:keycloak-model-storage-services (Maven) Aug 21, 2025 withdrawn
Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting Moderate
CVE-2025-61788 was published for org.opencastproject:opencast-common (Maven) Oct 8, 2025
miesgre
Credited to miesgre
Liferay Profile Widget does not prevent vCard extension spoofing Moderate
CVE-2025-43824 was published for com.liferay.portal:release.portal.bom (Maven) Oct 7, 2025
WSO2 is vulnerable to Open Redirect through multi-option URL in its authentication endpoint Moderate
CVE-2024-1440 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.endpoint.util (Maven) Jun 2, 2025
Liferay Portal exposes sensitive user data through its Freemarker template Moderate
CVE-2025-43825 was published for com.liferay:com.liferay.portal.template.freemarker (Maven) Oct 4, 2025
Elasticsearch Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2024-52979 was published for org.elasticsearch:elasticsearch (Maven) May 1, 2025
Hazelcast vulnerable to unmasked password exposure Moderate
CVE-2023-33264 was published for com.hazelcast:hazelcast (Maven) May 22, 2023
joshbressers
Credited to joshbressers
Liferay Portal Vulnerable to XSS in Web Content translation Moderate
CVE-2025-43826 was published for com.liferay.portal:release.portal.bom (Maven) Oct 1, 2025
Liferay Portal Vulnerable to IDOR via audit events Moderate
CVE-2025-43827 was published for com.liferay:com.liferay.portal.security.audit.storage.service (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the web content template Moderate
CVE-2025-43812 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet Moderate
CVE-2025-43813 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database