Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,962
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

925 advisories

Loading
Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page Moderate
CVE-2025-43815 was published for com.liferay:com.liferay.product.navigation.control.menu.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the related asset selector Moderate
CVE-2025-43811 was published for com.liferay:com.liferay.item.selector.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the web content template Moderate
CVE-2025-43812 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-4760 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api (Maven) Sep 23, 2025
cai0duque
Credited to cai0duque
Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field Moderate
CVE-2025-43807 was published for com.liferay:com.liferay.change.tracking.service (Maven) Sep 22, 2025
Liferay search widget vulnerable to Cross-site Scripting Moderate
CVE-2025-43804 was published for com.liferay:com.liferay.portal.search (Maven) Sep 17, 2025
Liferay Stored Cross-site Scripting vulnerability Moderate
CVE-2025-43802 was published for com.liferay.workspace:com.liferay.ticket.workspace (Maven) Sep 16, 2025
Liferay Portal Cross-site Scripting (XSS) vulnerability Moderate
CVE-2025-43800 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Sep 15, 2025
Liferay Portal vulnerable to Cross-site Scripting Moderate
CVE-2025-43791 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Sep 15, 2025
Liferay Portal has stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-43794 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 15, 2025
Liferay Portal's selection modal is vulnerable to XSS Moderate
CVE-2025-43787 was published for com.liferay:com.liferay.users.admin.web (Maven) Sep 12, 2025
Liferay Portal is vulnerable to Reflected XSS attack through get_editor path Moderate
CVE-2025-43783 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Sep 10, 2025
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-43785 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 10, 2025
Liferay Portal is vulnerable to XSS attacks via its remote app title field Moderate
CVE-2025-43775 was published for com.liferay:com.liferay.client.extension.web (Maven) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through its search bar portlet Moderate
CVE-2025-43781 was published for com.liferay:com.liferay.portal.search.web (Maven) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin Moderate
CVE-2025-43778 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through its Style Book theme Low
CVE-2025-43774 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven) Sep 9, 2025
Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks Moderate
GHSA-xmcw-mv9p-7pq2 was published for org.keycloak:keycloak-account-ui (Maven) Sep 5, 2025 withdrawn
julianladisch
Credited to julianladisch
Liferay Portal stored cross-site scripting in text field of the web content structure Moderate
CVE-2025-43765 was published for com.liferay:com.liferay.journal.service (Maven) Aug 23, 2025
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter Moderate
CVE-2025-43770 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Aug 23, 2025
Liferay Portal vulnerable to Stored XSS in Components portlet Moderate
CVE-2025-43769 was published for com.liferay:com.liferay.plugins.admin.web (Maven) Aug 23, 2025
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint Moderate
CVE-2025-43761 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect Moderate
CVE-2025-43760 was published for com.liferay.portal:release.portal.bom (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container Low
CVE-2025-43753 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 22, 2025
Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter Moderate
CVE-2025-43755 was published for com.liferay:com.liferay.layout.admin.web (Maven) Aug 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database