Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,866 advisories

Loading
Liferay Portal Email Modification Vulnerability via Calendar Portlet Moderate
CVE-2025-43739 was published for com.liferay:com.liferay.calendar.service (Maven) Aug 19, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Moderate
CVE-2025-43731 was published for com.liferay.portal:release.portal.bom (Maven) Aug 18, 2025
Liferay Portal Vulnerable to Insecure Direct Object Reference Moderate
CVE-2025-43732 was published for com.liferay:com.liferay.roles.selector.web (Maven) Aug 18, 2025
Spring Framework MVC Applications Path Traversal Vulnerability Moderate
CVE-2025-41242 was published for org.springframework:spring-webmvc (Maven) Aug 18, 2025
Apache Tomcat Session Fixation vulnerability Moderate
CVE-2025-55668 was published for org.apache.tomcat:tomcat-catalina (Maven) Aug 13, 2025
Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8916 was published for org.bouncycastle:bcpkix-fips (Maven) Aug 13, 2025
Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2025-43734 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability Moderate
CVE-2025-43735 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Aug 12, 2025
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability Moderate
CVE-2025-43736 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
Bouncy Castle for Java on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8885 was published for org.bouncycastle:bc-fips (Maven) Aug 12, 2025
xnox
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery Moderate
CVE-2025-4581 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 9, 2025
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery Moderate
CVE-2025-4655 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 9, 2025
Liferay Portal Reflected XSS in blogs-web Moderate
CVE-2025-4576 was published for com.liferay:com.liferay.blogs.web (Maven) Aug 8, 2025
Apache CXF: Untrusted JMS configuration can lead to RCE Moderate
CVE-2025-48913 was published for org.apache.cxf:cxf-rt-transports-jms (Maven) Aug 8, 2025
Keycloak-services SMTP Inject Vulnerability Moderate
CVE-2025-8419 was published for org.keycloak:keycloak-services (Maven) Aug 6, 2025
XWiki allows Reflected XSS in two templates Moderate
CVE-2025-32430 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 5, 2025
Liferay Portal CAPTCHA Bypass for Gogo Shell Moderate
CVE-2025-4604 was published for com.liferay:com.liferay.captcha.impl (Maven) Aug 5, 2025
Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string Moderate
CVE-2024-52279 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Aug 3, 2025
Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability Moderate
CVE-2024-51775 was published for org.apache.zeppelin:zeppelin-shell (Maven) Aug 3, 2025
Apache Zeppelin: XSS in the Helium module Moderate
CVE-2024-41177 was published for org.apache.zeppelin:zeppelin-web (Maven) Aug 3, 2025
OpenSearch unauthorized data access on fields protected by field level security if field is a member of an object Moderate
GHSA-2rjv-cv85-xhgm was published for org.opensearch.plugin:opensearch-security (Maven) Aug 1, 2025
OpenSearch unauthorized data access on fields protected by field masking for fields of type ip, geo_point, geo_shape, xy_point, xy_shape Moderate
GHSA-rrmm-wq7q-h4v5 was published for org.opensearch.plugin:opensearch-security (Maven) Aug 1, 2025
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin Moderate
CVE-2025-24854 was published for org.apache.jspwiki:jspwiki-main (Maven) Jul 31, 2025
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability via Header Link Rendering Moderate
CVE-2025-24853 was published for org.apache.jspwiki:jspwiki-main (Maven) Jul 31, 2025
Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability Moderate
CVE-2025-54656 was published for org.apache.struts:struts-extras (Maven) Jul 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database