Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,731
Maven
5,000+
npm
4,332
NuGet
763
pip
4,109
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

931 advisories

Loading
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page Moderate
CVE-2025-43822 was published for com.liferay.portal:release.portal.bom (Maven) Oct 8, 2025
Liferay Profile Widget does not prevent vCard extension spoofing Moderate
CVE-2025-43824 was published for com.liferay.portal:release.portal.bom (Maven) Oct 7, 2025
Liferay Portal Vulnerable to XSS in Web Content translation Moderate
CVE-2025-43826 was published for com.liferay.portal:release.portal.bom (Maven) Oct 1, 2025
Liferay Portal vulnerable to cross-site scripting in the web content template Moderate
CVE-2025-43812 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the Calendar widget Moderate
CVE-2025-43818 was published for com.liferay:com.liferay.calendar.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the Calendar widget Moderate
CVE-2025-43820 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter Moderate
CVE-2025-43817 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page Moderate
CVE-2025-43815 was published for com.liferay:com.liferay.product.navigation.control.menu.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the related asset selector Moderate
CVE-2025-43811 was published for com.liferay:com.liferay.item.selector.web (Maven) Sep 30, 2025
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-4760 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api (Maven) Sep 23, 2025
cai0duque
Credited to cai0duque
Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field Moderate
CVE-2025-43807 was published for com.liferay:com.liferay.change.tracking.service (Maven) Sep 22, 2025
Liferay search widget vulnerable to Cross-site Scripting Moderate
CVE-2025-43804 was published for com.liferay:com.liferay.portal.search (Maven) Sep 17, 2025
Liferay Stored Cross-site Scripting vulnerability Moderate
CVE-2025-43802 was published for com.liferay.workspace:com.liferay.ticket.workspace (Maven) Sep 16, 2025
Liferay Portal Cross-site Scripting (XSS) vulnerability Moderate
CVE-2025-43800 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Sep 15, 2025
Liferay Portal vulnerable to Cross-site Scripting Moderate
CVE-2025-43791 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Sep 15, 2025
Liferay Portal has stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-43794 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 15, 2025
Liferay Portal's selection modal is vulnerable to XSS Moderate
CVE-2025-43787 was published for com.liferay:com.liferay.users.admin.web (Maven) Sep 12, 2025
Liferay Portal is vulnerable to Reflected XSS attack through get_editor path Moderate
CVE-2025-43783 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Sep 10, 2025
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-43785 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 10, 2025
Liferay Portal is vulnerable to XSS attacks via its remote app title field Moderate
CVE-2025-43775 was published for com.liferay:com.liferay.client.extension.web (Maven) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through its search bar portlet Moderate
CVE-2025-43781 was published for com.liferay:com.liferay.portal.search.web (Maven) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin Moderate
CVE-2025-43778 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through its Style Book theme Low
CVE-2025-43774 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven) Sep 9, 2025
Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks Moderate
GHSA-xmcw-mv9p-7pq2 was published for org.keycloak:keycloak-account-ui (Maven) Sep 5, 2025 withdrawn
julianladisch
Credited to julianladisch
Liferay Portal stored cross-site scripting in text field of the web content structure Moderate
CVE-2025-43765 was published for com.liferay:com.liferay.journal.service (Maven) Aug 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database