Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,878 advisories

Loading
Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container Low
CVE-2025-43753 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter Moderate
CVE-2025-43756 was published for com.liferay.portal:release.portal.bom (Maven) Aug 21, 2025
Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter Moderate
CVE-2025-43755 was published for com.liferay:com.liferay.layout.admin.web (Maven) Aug 21, 2025
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality Moderate
CVE-2025-55742 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter Moderate
CVE-2025-43757 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping Moderate
CVE-2025-43746 was published for ccom.liferay:com.liferay.dynamic.data.mapping.web (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting through URLs Moderate
CVE-2025-43742 was published for com.liferay:com.liferay.layout.type.controller.display.page (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter Moderate
CVE-2025-43741 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels Moderate
CVE-2025-43744 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via backURL Paramter Moderate
CVE-2025-43737 was published for com.liferay:com.liferay.journal.web (Maven) Aug 19, 2025
Mermaid improperly sanitizes sequence diagram labels leading to XSS Moderate
CVE-2025-54881 was published for mermaid (npm) Aug 19, 2025
fourcube sidharthv96
dav1tj aloisklink MermaidChart
Mermaid does not properly sanitize architecture diagram iconText leading to XSS Moderate
CVE-2025-54880 was published for mermaid (npm) Aug 19, 2025
fourcube sidharthv96
dav1tj aloisklink MermaidChart
Liferay Portal Reflected Cross-Site Scripting Vulnerability in displayType Parameter Moderate
CVE-2025-43738 was published for com.liferay:com.liferay.expando.web (Maven) Aug 19, 2025
Astro allows unauthorized third-party images in _image endpoint Moderate
CVE-2025-55303 was published for @astrojs/node (npm) Aug 19, 2025
HakuPiku GeneralZero
chriselbring-avalabs ematipico delucis Princesseuh
Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source High
CVE-2025-52478 was published for n8n (npm) Aug 19, 2025
dana-gill pfelilpe
agustedone ffaggiani LucianoSorrentino95
MoonShine Arbitrary File Upload Vulnerability Moderate
CVE-2025-51489 was published for moonshine/moonshine (Composer) Aug 19, 2025
moonshine Stored Cross-Site Scripting Vulnerability in Create Admin Moderate
CVE-2025-51488 was published for moonshine/moonshine (Composer) Aug 19, 2025
moonshine Stored Cross-Site Scripting Vulnerability in Create Article Moderate
CVE-2025-51487 was published for moonshine/moonshine (Composer) Aug 19, 2025
Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature Moderate
CVE-2025-43740 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
LibreNMS allows stored XSS in Alert Template name field Moderate
CVE-2025-55296 was published for librenms/librenms (Composer) Aug 18, 2025
at4111
Liferay Portal Vulnerable to Cross-Site Scripting Moderate
CVE-2025-43731 was published for com.liferay.portal:release.portal.bom (Maven) Aug 18, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Low
CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 18, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js Low
CVE-2025-9096 was published for express-gateway (npm) Aug 18, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js Low
CVE-2025-9095 was published for express-gateway (npm) Aug 18, 2025
Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2025-43734 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database