GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,729 advisories
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect
Moderate. CVE-2025-27888 was published for org.apache.druid:druid (Maven) on Mar 20, 2025.

Apache ActiveMQ Artemis Vulnerable to Insertion of Sensitive Information into Log File
Moderate. CVE-2025-27391 was published for org.apache.activemq:artemis-project (Maven) on Apr 9, 2025.

Liferay Portal and Liferay DXP has incorrect default permissions for site members
Moderate. CVE-2021-38268 was published for com.liferay.portal:release.dxp.bom (Maven) on Mar 3, 2022.

Liferay Portal and Liferay DXP allows arbitrary injection via form field
Moderate. CVE-2022-26594 was published for com.liferay.portal:release.dxp.bom (Maven) on Apr 16, 2022.

Liferay Portal and Liferay DXP allows arbitrary injection via the site name
Moderate. CVE-2022-26597 was published for com.liferay.portal:release.dxp.bom (Maven) on Apr 26, 2022.

Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
Moderate. CVE-2021-38269 was published for com.liferay.portal:release.dxp.bom (Maven) on Mar 4, 2022.

Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)
Moderate. CVE-2021-38265 was published for com.liferay.portal:release.dxp.bom (Maven) on Mar 4, 2022.

Liferay Portal and Liferay DXP fails to check permissions to view sites/groups
Moderate. CVE-2022-26595 was published for com.liferay.portal:com.liferay.portal.impl (Maven) on Apr 20, 2022.

Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module
Moderate. CVE-2021-33326 was published for com.liferay.portal:release.dxp.bom (Maven) on May 24, 2022.

Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category
Moderate. CVE-2022-26593 was published for com.liferay.portal:release.dxp.bom (Maven) on Apr 20, 2022.

Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Document Library module
Moderate. CVE-2021-33337 was published for com.liferay.portal:release.dxp.bom (Maven) on May 24, 2022.

Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module
Moderate. CVE-2021-35463 was published for com.liferay.portal:release.portal.bom (Maven) on May 24, 2022.

Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate
Moderate. CVE-2021-33320 was published for com.liferay.portal:release.dxp.bom (Maven) on May 24, 2022.

Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Moderate. CVE-2025-48924 was published for commons-lang:commons-lang (Maven) on Jul 11, 2025.

Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files
Moderate. CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) on May 14, 2025.

Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
Moderate. CVE-2025-53506 was published for org.apache.tomcat:tomcat-coyote (Maven) on Jul 10, 2025.

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
Moderate. CVE-2025-52520 was published for org.apache.tomcat:tomcat-catalina (Maven) on Jul 10, 2025.

Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
Moderate. CVE-2025-52434 was published for org.apache.tomcat:tomcat-util (Maven) on Jul 10, 2025.

Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON
Moderate. CVE-2025-53864 was published for com.nimbusds:nimbus-jose-jwt (Maven) on Jul 11, 2025.

Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Moderate. CVE-2024-28168 was published for org.apache.xmlgraphics:fop-core (Maven) on Oct 9, 2024.

Keycloak vulnerable to phishing attacks through its Review Profile section
Moderate. CVE-2025-7365 was published for org.keycloak:keycloak-services (Maven) on Jul 10, 2025.

Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens
Moderate. CVE-2025-53664 was published for com.apica:ApicaLoadtest (Maven) on Jul 9, 2025.

Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens
Moderate. CVE-2025-53665 was published for com.apica:ApicaLoadtest (Maven) on Jul 9, 2025.

Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens
Moderate. CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven) on Jul 9, 2025.

Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys
Moderate. CVE-2025-53662 was published for org.jenkins-ci.plugins:ifttt-build-notifier (Maven) on Jul 9, 2025.

ProTip! Advisories are also available from the GraphQL API.