GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,014 advisories

Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via a Journal Article Title Moderate
CVE-2019-16147 was published for com.liferay:com.liferay.journal.taglib (Maven) May 24, 2022
Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet Moderate
CVE-2020-7934 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API Moderate
CVE-2019-6588 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Apereo CAS has inefficient regular expression complexity Moderate
CVE-2025-3986 was published for org.apereo.cas:cas-server-core-configuration-metadata-repository (Maven) Apr 27, 2025
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache Moderate
CVE-2025-2559 was published for org.keycloak:keycloak-services (Maven) Mar 25, 2025
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass Moderate
GHSA-fx44-2wx5-5fvp was published for org.keycloak:keycloak-services (Maven) Apr 29, 2025 withdrawn
Incorrect Default Permissions in Liferay Portal Moderate
CVE-2022-42127 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Missing permissions check in Liferay Portal Moderate
CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability Moderate
CVE-2025-32970 was published for org.xwiki.platform:xwiki-platform-wysiwyg-api (Maven) Apr 29, 2025
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
Credited to NotMyFault
XXE vulnerability on agents in Jenkins SourceMonitor Plugin Moderate
CVE-2022-45396 was published for com.thalesgroup.hudson.plugins:sourcemonitor (Maven) Nov 16, 2022
Credited to NotMyFault
XXE vulnerability on agents in Jenkins OSF Builder Suite :: XML Linter Plugin Moderate
CVE-2022-45397 was published for org.jenkins-ci:update-center2 (Maven) Nov 16, 2022
Credited to NotMyFault
Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin Moderate
CVE-2022-45398 was published for org.zeroturnaround:cluster-stats (Maven) Nov 16, 2022
Credited to NotMyFault
Cross-site Scripting in OpenNMS Horizon Moderate
CVE-2021-25933 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-site Scripting in OpenNMS Horizon Moderate
CVE-2021-25929 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-Site Request Forgery in OpenNMS Horizon Moderate
CVE-2021-25930 was published for org.opennms:opennms (Maven) May 25, 2021
Incorrect Default Permissions in Liferay Portal Moderate
CVE-2022-42130 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API Moderate
CVE-2025-46554 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Apr 30, 2025
Credited to LMonert
Apache DolphinScheduler vulnerable to Path Traversal Moderate
CVE-2022-34662 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Nov 1, 2022
Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store Moderate
GHSA-hp88-hfjw-2hg4 was published for org.jboss.hal:hal-console (Maven) Mar 28, 2025 withdrawn
HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store Moderate
CVE-2025-2901 was published for org.jboss.hal:hal-console (Maven) May 6, 2025
Liferay Portal Reflected XSS in marketplace-app-manager-web Moderate
CVE-2025-4388 was published for com.liferay:com.liferay.marketplace.app.manager.web (Maven) May 6, 2025
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
JRuby-OpenSSL has hostname verification disabled by default Moderate
CVE-2025-46551 was published for org.jruby:jruby (Maven) May 7, 2025
Credited to mohamedhafez
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure Moderate
CVE-2022-43414 was published for org.jenkins-ci.plugins:nunit (Maven) Oct 19, 2022