Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

5,911 advisories

Loading
Liferay Portal Vulnerable to Cross-Site Scripting through URLs Moderate
CVE-2025-43742 was published for com.liferay:com.liferay.layout.type.controller.display.page (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter Moderate
CVE-2025-43741 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java Moderate
CVE-2024-39954 was published for org.apache.eventmesh:eventmesh-runtime (Maven) Aug 20, 2025
Liferay Portal Enumeration Discrepancy in Calendars Moderate
CVE-2025-43743 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels Moderate
CVE-2025-43744 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal CSRF Vulnerability via Endpoint Parameter Moderate
CVE-2025-43745 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via backURL Paramter Moderate
CVE-2025-43737 was published for com.liferay:com.liferay.journal.web (Maven) Aug 19, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability in displayType Parameter Moderate
CVE-2025-43738 was published for com.liferay:com.liferay.expando.web (Maven) Aug 19, 2025
Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature Moderate
CVE-2025-43740 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal Email Modification Vulnerability via Calendar Portlet Moderate
CVE-2025-43739 was published for com.liferay:com.liferay.calendar.service (Maven) Aug 19, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Moderate
CVE-2025-43731 was published for com.liferay.portal:release.portal.bom (Maven) Aug 18, 2025
Liferay Portal Login Bypass Vulnerability Low
CVE-2025-3639 was published for com.liferay.portal:release.portal.bom (Maven) Aug 18, 2025
Liferay Portal Vulnerable to Insecure Direct Object Reference Moderate
CVE-2025-43732 was published for com.liferay:com.liferay.roles.selector.web (Maven) Aug 18, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Low
CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 18, 2025
Spring Framework MVC Applications Path Traversal Vulnerability Moderate
CVE-2025-41242 was published for org.springframework:spring-webmvc (Maven) Aug 18, 2025
Bouncy Castle for Java Uncontrolled Resource Consumption Vulnerability Low
CVE-2025-9092 was published for org.bouncycastle:bc-fips (Maven) Aug 16, 2025
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability High
CVE-2025-55163 was published for io.netty:netty-codec-http2 (Maven) Aug 13, 2025
galbarnahum AnatBB
YanivRL
Apache Tomcat Improper Resource Shutdown or Release vulnerability High
CVE-2025-48989 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Aug 13, 2025
snieguu
Apache Tomcat Session Fixation vulnerability Moderate
CVE-2025-55668 was published for org.apache.tomcat:tomcat-catalina (Maven) Aug 13, 2025
Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8916 was published for org.bouncycastle:bcpkix-fips (Maven) Aug 13, 2025
Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2025-43734 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability Moderate
CVE-2025-43735 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Aug 12, 2025
Bouncy Castle for Java on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8885 was published for org.bouncycastle:bc-fips (Maven) Aug 12, 2025
xnox
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability Moderate
CVE-2025-43736 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery Moderate
CVE-2025-4581 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database