Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,146 advisories

Loading
Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect Moderate
CVE-2025-43760 was published for com.liferay.portal:release.portal.bom (Maven) Aug 22, 2025
Liferay Portal User Enumeration Vulnerability via the Create Account Page Moderate
CVE-2025-43751 was published for com.liferay:com.liferay.login.web (Maven) Aug 22, 2025
JeecgBoot SQL Injection Vulnerability Moderate
CVE-2025-51825 was published for org.jeecgframework.boot:jeecg-boot-base-core (Maven) Aug 22, 2025
Bouncy Castle for Java has Out-of-Bounds Write Vulnerability Low
CVE-2025-9340 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2025-9341 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
Liferay Portal's Unlimited File Upload Could Result in DoS Moderate
CVE-2025-43752 was published for com.liferay.portal:release.portal.bom (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container Low
CVE-2025-43753 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 22, 2025
hippo4j Includes Hard Coded Secret Key in JWT Creation High
CVE-2025-51606 was published for cn.hippo4j:hippo4j-core (Maven) Aug 21, 2025
Liferay Portal Username Enumeration Vulnerability Moderate
CVE-2025-43754 was published for com.liferay.portal:release.portal.bom (Maven) Aug 21, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter Moderate
CVE-2025-43756 was published for com.liferay.portal:release.portal.bom (Maven) Aug 21, 2025
Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter Moderate
CVE-2025-43755 was published for com.liferay:com.liferay.layout.admin.web (Maven) Aug 21, 2025
Duplicate Advisory: Keycloak Potential Variable Reference in Model Storage Services Moderate
GHSA-w2wj-hw98-233h was published for org.keycloak:keycloak-model-storage-services (Maven) Aug 21, 2025 withdrawn
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF Critical
CVE-2025-54988 was published for org.apache.tika:tika-parser-pdf-module (Maven) Aug 20, 2025
vlsi
Credited to vlsi
Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping Moderate
CVE-2025-43746 was published for ccom.liferay:com.liferay.dynamic.data.mapping.web (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter Moderate
CVE-2025-43757 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
Credited to galbarnahum, AnatBB, and YanivRL
Liferay Portal Vulnerable to Cross-Site Request Forgery High
CVE-2025-43748 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal Unauthenticated File Access via URL Moderate
CVE-2025-43749 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal Unvalidated File Upload Moderate
CVE-2025-43750 was published for com.liferay:com.liferay.dynamic.data.mapping.form.web (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter Moderate
CVE-2025-43741 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal Vulnerable to Cross-Site Scripting through URLs Moderate
CVE-2025-43742 was published for com.liferay:com.liferay.layout.type.controller.display.page (Maven) Aug 20, 2025
Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java Moderate
CVE-2024-39954 was published for org.apache.eventmesh:eventmesh-runtime (Maven) Aug 20, 2025
Liferay Portal Enumeration Discrepancy in Calendars Moderate
CVE-2025-43743 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels Moderate
CVE-2025-43744 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal Vulnerable to Cross-Site Scripting via backURL Paramter Moderate
CVE-2025-43737 was published for com.liferay:com.liferay.journal.web (Maven) Aug 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database