Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

931 advisories

Loading
Liferay Portal vulnerable to Stored XSS in Components portlet Moderate
CVE-2025-43769 was published for com.liferay:com.liferay.plugins.admin.web (Maven) Aug 23, 2025
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter Moderate
CVE-2025-43770 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Aug 23, 2025
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint Moderate
CVE-2025-43761 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect Moderate
CVE-2025-43760 was published for com.liferay.portal:release.portal.bom (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container Low
CVE-2025-43753 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter Moderate
CVE-2025-43756 was published for com.liferay.portal:release.portal.bom (Maven) Aug 21, 2025
Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter Moderate
CVE-2025-43755 was published for com.liferay:com.liferay.layout.admin.web (Maven) Aug 21, 2025
Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping Moderate
CVE-2025-43746 was published for ccom.liferay:com.liferay.dynamic.data.mapping.web (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter Moderate
CVE-2025-43757 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter Moderate
CVE-2025-43741 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting through URLs Moderate
CVE-2025-43742 was published for com.liferay:com.liferay.layout.type.controller.display.page (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels Moderate
CVE-2025-43744 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via backURL Paramter Moderate
CVE-2025-43737 was published for com.liferay:com.liferay.journal.web (Maven) Aug 19, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability in displayType Parameter Moderate
CVE-2025-43738 was published for com.liferay:com.liferay.expando.web (Maven) Aug 19, 2025
Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature Moderate
CVE-2025-43740 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Moderate
CVE-2025-43731 was published for com.liferay.portal:release.portal.bom (Maven) Aug 18, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Low
CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 18, 2025
Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2025-43734 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability Moderate
CVE-2025-43735 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Aug 12, 2025
Liferay Portal Reflected XSS in blogs-web Moderate
CVE-2025-4576 was published for com.liferay:com.liferay.blogs.web (Maven) Aug 8, 2025
XWiki allows Reflected XSS in two templates Moderate
CVE-2025-32430 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 5, 2025
Liferay Portal CAPTCHA Bypass for Gogo Shell Moderate
CVE-2025-4604 was published for com.liferay:com.liferay.captcha.impl (Maven) Aug 5, 2025
Apache Zeppelin: XSS in the Helium module Moderate
CVE-2024-41177 was published for org.apache.zeppelin:zeppelin-web (Maven) Aug 3, 2025
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin Moderate
CVE-2025-24854 was published for org.apache.jspwiki:jspwiki-main (Maven) Jul 31, 2025
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability via Header Link Rendering Moderate
CVE-2025-24853 was published for org.apache.jspwiki:jspwiki-main (Maven) Jul 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database