GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
791 advisories
Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting
Moderate | CVE-2021-33339 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2021-33336 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2021-33332 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App
Moderate | CVE-2021-29051 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page
Moderate | CVE-2021-29048 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
Moderate | CVE-2025-32951 was published for io.jmix.rest:jmix-rest (Maven) | Apr 22, 2025

Cross-site Scripting in Apache Pluto
Moderate | CVE-2021-36739 was published for org.apache.portals.pluto:pluto-portal (Maven) | Jan 8, 2022

Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting
High | CVE-2025-47885 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) | May 14, 2025

Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter
Moderate | CVE-2021-29049 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page
Moderate | CVE-2021-33328 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page
Moderate | CVE-2021-29044 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page
Moderate | CVE-2021-29045 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter
Moderate | CVE-2021-29046 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022

Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via Categories Admin Page
Moderate | CVE-2021-29039 was published for com.liferay.portal:release.portal.bom (Maven) | May 24, 2022

Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter
Moderate | CVE-2020-25476 was published for com.liferay.portal:release.portal.bom (Maven) | May 24, 2022

Graylog Allows Session Takeover via Insufficient HTML Sanitization
High | CVE-2025-46827 was published for org.graylog2:graylog2-server (Maven) | May 7, 2025

Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser
High | GHSA-q9q2-3ppx-mwqf was published for org.graylog2:graylog2-server (Maven) | May 7, 2025

Liferay Portal Reflected XSS in marketplace-app-manager-web
Moderate | CVE-2025-4388 was published for com.liferay:com.liferay.marketplace.app.manager.web (Maven) | May 6, 2025

HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
Moderate | CVE-2025-2901 was published for org.jboss.hal:hal-console (Maven) | May 6, 2025

Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
Moderate | GHSA-hp88-hfjw-2hg4 was published for org.jboss.hal:hal-console (Maven) | Mar 28, 2025 | withdrawn

org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content
Critical | CVE-2025-46558 was published for org.xwiki.contrib.markdown:syntax-markdown-commonmark12 (Maven) | Apr 30, 2025

Cross-site Scripting in OpenNMS Horizon
Moderate | CVE-2021-25929 was published for org.opennms:opennms (Maven) | May 25, 2021

Cross-site Scripting in OpenNMS Horizon
Moderate | CVE-2021-25933 was published for org.opennms:opennms (Maven) | May 25, 2021

Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
High | CVE-2022-45401 was published for org.jenkins-ci.main:associated-files-plugin (Maven) | Nov 16, 2022

Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API
Moderate | CVE-2019-6588 was published for com.liferay.portal:release.portal.bom (Maven) | May 24, 2022

ProTip! Advisories are also available from the GraphQL API.