GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,833 advisories
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions
Severity: Critical. CVE-2024-38002 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 22, 2024.

Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components
Severity: Critical. CVE-2023-44309 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 17, 2023.

Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page
Severity: Critical. CVE-2023-42629 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 17, 2023.

Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page
Severity: Critical. CVE-2023-42497 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 17, 2023.

Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions
Severity: Moderate. CVE-2023-3426 was published for com.liferay.portal:release.dxp.bom (Maven) on Aug 2, 2023.

Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Severity: Moderate. CVE-2023-3193 was published for com.liferay.portal:release.dxp.bom (Maven) on Jun 15, 2023.

Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
Severity: High. CVE-2023-35030 was published for com.liferay.portal:release.dxp.bom (Maven) on Jun 15, 2023.

Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
Severity: Moderate. CVE-2023-35029 was published for com.liferay.portal:release.dxp.bom (Maven) on Jun 15, 2023.

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
Severity: High. CVE-2022-42121 was published for com.liferay.portal:release.dxp.bom (Maven) on Nov 15, 2022.

Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module
Severity: Moderate. CVE-2022-42119 was published for com.liferay.commerce:com.liferay.commerce.catalog.web (Maven) on Nov 15, 2022.

Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
Severity: Moderate. CVE-2022-42118 was published for com.liferay.portal:release.dxp.bom (Maven) on Nov 15, 2022.

Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module
Severity: Moderate. CVE-2022-42110 was published for com.liferay.portal:release.dxp.bom (Maven) on Nov 15, 2022.

Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module
Severity: Moderate. CVE-2022-42111 was published for com.liferay.portal:release.dxp.bom (Maven) on Nov 15, 2022.

Liferay Portal Vulnerable to XSS in Profile Search Functionality
Severity: Moderate. CVE-2016-3670 was published for com.liferay:com.liferay.portal.search.web (Maven) on May 17, 2022.

Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display
Severity: Moderate. CVE-2017-12649 was published for com.liferay.portal:release.portal.bom (Maven) on May 17, 2022.

Liferay Portal Vulnerable to XSS via a Knowledge Base Article Title
Severity: Moderate. CVE-2017-12647 was published for com.liferay.portal:release.portal.bom (Maven) on May 17, 2022.

Liferay Portal Vulnerable to XSS via an Invalid portletId
Severity: Moderate. CVE-2017-12645 was published for com.liferay.portal:release.portal.bom (Maven) on May 17, 2022.

Liferay Portal Vulnerable to XSS via a Crafted Redirect Field
Severity: Moderate. CVE-2016-10404 was published for com.liferay.portal:release.portal.bom (Maven) on May 17, 2022.

Liferay Portal Allows RCE via Deserialization of a JSON Payload
Severity: Critical. CVE-2019-16891 was published for com.liferay.portal:release.portal.bom (Maven) on May 24, 2022.

Liferay Portal Reflected XSS in blogs-web
Severity: Moderate. CVE-2025-4576 was published for com.liferay:com.liferay.blogs.web (Maven) on Aug 8, 2025.

Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
Severity: Moderate. CVE-2025-53506 was published for org.apache.tomcat:tomcat-coyote (Maven) on Jul 10, 2025.

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
Severity: Moderate. CVE-2025-52520 was published for org.apache.tomcat:tomcat-catalina (Maven) on Jul 10, 2025.

Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
Severity: Moderate. CVE-2025-52434 was published for org.apache.tomcat:tomcat-util (Maven) on Jul 10, 2025.

Apache Tomcat - Security constraint bypass for pre/post-resources
Severity: Moderate. CVE-2025-49125 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Jun 16, 2025.

Apache Tomcat - DoS in multipart upload
Severity: High. CVE-2025-48988 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Jun 16, 2025.

ProTip! Advisories are also available from the GraphQL API.