Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,830
Erlang
36
GitHub Actions
33
Go
2,450
Maven
5,000+
npm
4,070
NuGet
723
pip
3,868
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,814 advisories

Loading
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Liferay Portal Vulnerable to Cross-Site Scripting Moderate
CVE-2025-43731 was published for com.liferay.portal:release.portal.bom (Maven) Aug 18, 2025
Liferay Portal Vulnerable to Insecure Direct Object Reference Moderate
CVE-2025-43732 was published for com.liferay:com.liferay.roles.selector.web (Maven) Aug 18, 2025
Spring Framework MVC Applications Path Traversal Vulnerability Moderate
CVE-2025-41242 was published for org.springframework:spring-webmvc (Maven) Aug 18, 2025
Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2025-43734 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
Apache Tomcat Session Fixation vulnerability Moderate
CVE-2025-55668 was published for org.apache.tomcat:tomcat-catalina (Maven) Aug 13, 2025
Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8916 was published for org.bouncycastle:bcpkix-fips (Maven) Aug 13, 2025
gRPC connection termination issue Moderate
CVE-2023-32732 was published for grpc (RubyGems) Jul 6, 2023
jonasfj tal-sealsecurity
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token Moderate
CVE-2019-10459 was published for org.jenkins-ci.plugins:mattermost (Maven) May 24, 2022
Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability Moderate
CVE-2025-43735 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Aug 12, 2025
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability Moderate
CVE-2025-43736 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
Bouncy Castle for Java on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8885 was published for org.bouncycastle:bc-fips (Maven) Aug 12, 2025
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery Moderate
CVE-2025-4655 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 9, 2025
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery Moderate
CVE-2025-4581 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 9, 2025
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks Moderate
CVE-2019-10219 was published for org.hibernate.validator:hibernate-validator (Maven) Jan 8, 2020
SunBK201 poc-effectiveness
Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON Moderate
CVE-2025-53864 was published for com.nimbusds:nimbus-jose-jwt (Maven) Jul 11, 2025
phrabec
Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions Moderate
CVE-2023-3426 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 2, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module Moderate
CVE-2023-3193 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module Moderate
CVE-2023-35029 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module Moderate
CVE-2022-42119 was published for com.liferay.commerce:com.liferay.commerce.catalog.web (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module Moderate
CVE-2022-42118 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module Moderate
CVE-2022-42110 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module Moderate
CVE-2022-42111 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal Vulnerable to XSS in Profile Search Functionality Moderate
CVE-2016-3670 was published for com.liferay:com.liferay.portal.search.web (Maven) May 17, 2022
Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display Moderate
CVE-2017-12649 was published for com.liferay.portal:release.portal.bom (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database