Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,960
Maven
5,000+
npm
4,611
NuGet
788
pip
4,314
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

6,253 advisories

Loading
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value Moderate
CVE-2025-30373 was published for org.graylog2:graylog2-server (Maven) Apr 7, 2025
fabsx00
Credited to fabsx00
Graylog Allows Session Takeover via Insufficient HTML Sanitization High
CVE-2025-46827 was published for org.graylog2:graylog2-server (Maven) May 7, 2025
fabsx00
Credited to fabsx00
Liferay Portal and Liferay DXP Fails to Sanitize API Data Moderate
CVE-2020-13444 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution High
CVE-2020-13445 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter Moderate
CVE-2020-25476 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use High
CVE-2021-29047 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module Moderate
CVE-2021-29041 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via Categories Admin Page Moderate
CVE-2021-29039 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Fails to Check Permissions Moderate
CVE-2021-29052 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections High
CVE-2021-29053 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter Moderate
CVE-2021-29046 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page Moderate
CVE-2021-29045 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page Moderate
CVE-2021-29044 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Stores User Passwords in Cleartext Moderate
CVE-2021-33325 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page Moderate
CVE-2021-33328 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Fails to Properly Check User Permissions Moderate
CVE-2021-33334 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter Moderate
CVE-2021-29049 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
The WikiManager REST API allows any user to create wikis High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) Mar 19, 2025
Narayana deadlock via multiple join requests sent to LRA Coordinator Moderate
CVE-2024-8447 was published for org.jboss.narayana.rts:lra-coordinator-jar (Maven) Jan 2, 2025
BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference Critical
CVE-2025-4641 was published for io.github.bonigarcia:webdrivermanager (Maven) May 14, 2025
Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation Moderate
CVE-2025-47888 was published for io.jenkins.plugins:dingding-notifications (Maven) May 14, 2025
Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting High
CVE-2025-47885 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 14, 2025
Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery Moderate
CVE-2025-47886 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens Critical
CVE-2025-47884 was published for io.jenkins.plugins:oidc-provider (Maven) May 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database