GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,434 advisories

uv allows ZIP payload obfuscation through parsing differentials Moderate
CVE-2025-54368 was published for uv (pip) Aug 7, 2025
charliermarsh zanieb
woodruffw thatch calebbrown
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions Critical
CVE-2024-38002 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components Critical
CVE-2023-44309 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page Critical
CVE-2023-42629 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page Critical
CVE-2023-42497 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions Moderate
CVE-2023-3426 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 2, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module Moderate
CVE-2023-3193 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module High
CVE-2023-35030 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module Moderate
CVE-2023-35029 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module High
CVE-2022-42121 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module Moderate
CVE-2022-42119 was published for com.liferay.commerce:com.liferay.commerce.catalog.web (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module Moderate
CVE-2022-42118 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module Moderate
CVE-2022-42110 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module Moderate
CVE-2022-42111 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal Vulnerable to XSS in Profile Search Functionality Moderate
CVE-2016-3670 was published for com.liferay:com.liferay.portal.search.web (Maven) May 17, 2022
Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display Moderate
CVE-2017-12649 was published for com.liferay.portal:release.portal.bom (Maven) May 17, 2022
Liferay Portal Vulnerable to XSS via a Knowledge Base Article Title Moderate
CVE-2017-12647 was published for com.liferay.portal:release.portal.bom (Maven) May 17, 2022
Liferay Portal Vulnerable to XSS via an Invalid portletId Moderate
CVE-2017-12645 was published for com.liferay.portal:release.portal.bom (Maven) May 17, 2022
Liferay Portal Vulnerable to XSS via a Crafted Redirect Field Moderate
CVE-2016-10404 was published for com.liferay.portal:release.portal.bom (Maven) May 17, 2022
Liferay Portal Allows RCE via Deserialization of a JSON Payload Critical
CVE-2019-16891 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Liferay Portal Reflected XSS in blogs-web Moderate
CVE-2025-4576 was published for com.liferay:com.liferay.blogs.web (Maven) Aug 8, 2025
Craft CMS has a theoretical bypass for CVE-2025-23209 Moderate
CVE-2025-54417 was published for craftcms/cms (Composer) Aug 8, 2025
angrybrad timkelty
segfault-it
JWE is missing AES-GCM authentication tag validation in encrypted JWE Critical
CVE-2025-54887 was published for jwe (RubyGems) Aug 7, 2025
Sideni
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams Moderate
CVE-2025-53506 was published for org.apache.tomcat:tomcat-coyote (Maven) Jul 10, 2025
fabien-chebel
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits Moderate
CVE-2025-52520 was published for org.apache.tomcat:tomcat-catalina (Maven) Jul 10, 2025