Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

703 advisories

Loading
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-26266 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-42498 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-40191 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-42496 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25601 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting Critical
CVE-2024-25602 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting Critical
CVE-2024-25147 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25152 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2023-47795 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Expression injection in AviatorScript Critical
CVE-2021-41862 was published for com.googlecode.aviator:aviator (Maven) Oct 4, 2021
joelteo-poloniex
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection Critical
CVE-2017-11467 was published for com.orientechnologies:orientdb-core (Maven) Oct 18, 2018
yoshizawa-masatoshi
aXMLRPC XML External Entity vulnerability Critical
CVE-2020-36641 was published for fr.turri:aXMLRPC (Maven) Jan 5, 2023
Beetl Server-Side Template Injection vulnerability Critical
CVE-2024-22533 was published for com.ibeetl:beetl-core (Maven) Feb 2, 2024
yoshizawa-masatoshi
Liferay Portal stored cross-site scripting (XSS) vulnerability Critical
CVE-2024-25145 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 7, 2024
Improper Privilege Management in Apache Ozone Critical
CVE-2021-36372 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization Critical
CVE-2017-20189 was published for org.clojure:clojure (Maven) Jan 22, 2024
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
Hard-coded credentials in org.folio:mod-data-export-spring Critical
CVE-2024-23687 was published for org.folio:mod-data-export-spring (Maven) Jan 20, 2024
Deserialization of Untrusted Data in Bouncy castle Critical
CVE-2018-1000613 was published for org.bouncycastle:bcprov-jdk15on (Maven) Oct 17, 2018
jkmartindale
Remote Command Execution in SOFARPC Critical
CVE-2024-23636 was published for com.alipay.sofa:rpc-sofa-boot-starter (Maven) Jan 23, 2024
yemoli
Remote Code Execution vulnerability in Apache IoTDB via UDF Critical
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
Insecure Deserialization in Apache XML-RPC Critical
CVE-2019-17570 was published for org.apache.xmlrpc:xmlrpc (Maven) Jun 10, 2020
Apache XML-RPC vulnerable to Deserialization of Untrusted Data Critical
CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
pdeslaur
Arbitrary code execution in Apache Commons Text Critical
CVE-2022-42889 was published for com.guicedee.services:commons-text (Maven) Oct 13, 2022
ProTip! Advisories are also available from the GraphQL API