GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,745 advisories

Apache Pulsar Kafka Connector Logs Sensitive Information in Application Logs Moderate
CVE-2025-30677 was published for org.apache.pulsar:pulsar-io-kafka (Maven) Apr 9, 2025
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
chximn-dt
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Critical
CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) Jun 24, 2024
oscerd
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module Critical
CVE-2022-42120 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu Critical
CVE-2023-44310 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class Critical
CVE-2023-44311 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page Moderate
CVE-2017-1000425 was published for com.liferay.portal:release.portal.bom (Maven) May 14, 2022
Liferay Portal vulnerable to arbitrary command injection Moderate
CVE-2011-1571 was published for com.liferay.portal:portal-service (Maven) May 13, 2022
Liferay Portal and Liferay DXP fails to check origin of event messages Moderate
CVE-2022-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console Moderate
CVE-2021-38263 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format Moderate
CVE-2025-53622 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
MMilosz kshepherd
DSpace is vulnerable to XML External Entity injection during archive imports Moderate
CVE-2025-53621 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
superpegaso2703 kshepherd
tdonohue
Liferay Portal vulnerable to cross-site scripting (XSS) via the keywords parameter Moderate
CVE-2021-38264 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven) Mar 4, 2022
Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module Moderate
CVE-2021-35463 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page Moderate
CVE-2021-38267 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax Critical
CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect Moderate
CVE-2025-27888 was published for org.apache.druid:druid (Maven) Mar 20, 2025
Apache Ignite: Possible RCE when deserializing incoming messages by the server node Critical
CVE-2024-52577 was published for org.apache.ignite:ignite-core (Maven) Feb 14, 2025
Apache ActiveMQ Artemis Vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-27391 was published for org.apache.activemq:artemis-project (Maven) Apr 9, 2025
Apache ActiveMQ Artemis User Without Create Address Permissions can Modify Address Routing-Type Low
CVE-2025-27427 was published for org.apache.activemq:artemis-server (Maven) Apr 1, 2025
Liferay Portal and Liferay DXP has incorrect default permissions for site members Moderate
CVE-2021-38268 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 3, 2022
Liferay Portal and Liferay DXP allows arbitrary injection via form field Moderate
CVE-2022-26594 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 16, 2022
Liferay Portal and Liferay DXP allows arbitrary injection via the site name Moderate
CVE-2022-26597 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 26, 2022
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module Moderate
CVE-2021-38269 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
ProTip! Advisories are also available from the GraphQL API