GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,737 advisories

Apache Pulsar Kafka Connector Logs Sensitive Information in Application Logs Moderate
CVE-2025-30677 was published for org.apache.pulsar:pulsar-io-kafka (Maven) Apr 9, 2025
Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page Moderate
CVE-2017-1000425 was published for com.liferay.portal:release.portal.bom (Maven) May 14, 2022
Liferay Portal vulnerable to arbitrary command injection Moderate
CVE-2011-1571 was published for com.liferay.portal:portal-service (Maven) May 13, 2022
Liferay Portal and Liferay DXP fails to check origin of event messages Moderate
CVE-2022-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console Moderate
CVE-2021-38263 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format Moderate
CVE-2025-53622 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
MMilosz kshepherd
DSpace is vulnerable to XML External Entity injection during archive imports Moderate
CVE-2025-53621 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
superpegaso2703 kshepherd
tdonohue
Liferay Portal vulnerable to cross-site scripting (XSS) via the keywords parameter Moderate
CVE-2021-38264 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven) Mar 4, 2022
Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module Moderate
CVE-2021-35463 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page Moderate
CVE-2021-38267 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect Moderate
CVE-2025-27888 was published for org.apache.druid:druid (Maven) Mar 20, 2025
Apache ActiveMQ Artemis Vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-27391 was published for org.apache.activemq:artemis-project (Maven) Apr 9, 2025
Liferay Portal and Liferay DXP has incorrect default permissions for site members Moderate
CVE-2021-38268 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 3, 2022
Liferay Portal and Liferay DXP allows arbitrary injection via form field Moderate
CVE-2022-26594 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 16, 2022
Liferay Portal and Liferay DXP allows arbitrary injection via the site name Moderate
CVE-2022-26597 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 26, 2022
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module Moderate
CVE-2021-38269 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) Moderate
CVE-2021-38265 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 4, 2022
Liferay Portal and Liferay DXP fails to check permissions to view sites/groups Moderate
CVE-2022-26595 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Apr 20, 2022
Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module Moderate
CVE-2021-33326 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category Moderate
CVE-2022-26593 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 20, 2022
Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Document Library module Moderate
CVE-2021-33337 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate Moderate
CVE-2021-33320 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs Moderate
CVE-2025-48924 was published for commons-lang:commons-lang (Maven) Jul 11, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files Moderate
CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) May 14, 2025
AnonySE26
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams Moderate
CVE-2025-53506 was published for org.apache.tomcat:tomcat-coyote (Maven) Jul 10, 2025
fabien-chebel
ProTip! Advisories are also available from the GraphQL API