GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,856
Erlang: 36
GitHub Actions: 36
Go: 2,488
Maven: 5,000+
npm: 4,104
NuGet: 735
pip: 3,923
Pub: 12
RubyGems: 945
Rust: 1,017
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
23,755 advisories
Concrete CMS vulnerable to Reflected Cross-Site Scripting via dashboard icons
Moderate: CVE-2022-43968 was published for concrete5/concrete5 (Composer), Nov 15, 2022

Concrete CMS vulnerable to Cross-site Scripting via multilingual report
Moderate: CVE-2022-43967 was published for concrete5/concrete5 (Composer), Nov 15, 2022

Concrete CMS vulnerable to Cross-site Scripting
Moderate: CVE-2022-43688 was published for concrete5/concrete5 (Composer), Nov 15, 2022

Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module
Moderate: CVE-2022-42111 was published for com.liferay.portal:release.dxp.bom (Maven), Nov 15, 2022

Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module
Moderate: CVE-2022-42110 was published for com.liferay.portal:release.dxp.bom (Maven), Nov 15, 2022

Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
Moderate: CVE-2022-42118 was published for com.liferay.portal:release.dxp.bom (Maven), Nov 15, 2022

Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL
Moderate: CVE-2022-42132 was published for com.liferay.portal:release.dxp.bom (Maven), Nov 15, 2022

Improper Certificate Validation in Liferay Portal
Moderate: CVE-2022-42131 was published for com.liferay.portal:release.portal.bom (Maven), Nov 15, 2022

Concrete CMS vulnerable to Improper Authentication
Moderate: CVE-2022-43690 was published for concrete5/concrete5 (Composer), Nov 15, 2022

Authorization Bypass in Liferay Portal
Moderate: CVE-2022-42129 was published for com.liferay.portal:release.portal.bom (Maven), Nov 15, 2022

Incorrect Default Permissions in Liferay Portal
Moderate: CVE-2022-42130 was published for com.liferay.portal:release.portal.bom (Maven), Nov 15, 2022

Missing permissions check in Liferay Portal
Moderate: CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven), Nov 15, 2022

Concrete CMS vulnerable to XML External Entity
Moderate: CVE-2022-43689 was published for concrete5/concrete5 (Composer), Nov 15, 2022

Incorrect Default Permissions in Liferay Portal
Moderate: CVE-2022-42128 was published for com.liferay.portal:release.portal.bom (Maven), Nov 15, 2022

Path Traversal in Liferay Portal
High: CVE-2022-42125 was published for com.liferay.portal:release.portal.bom (Maven), Nov 15, 2022

Incorrect Default Permissions in Liferay Portal
Moderate: CVE-2022-42127 was published for com.liferay.portal:release.portal.bom (Maven), Nov 15, 2022

Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module
Moderate: CVE-2022-42119 was published for com.liferay.commerce:com.liferay.commerce.catalog.web (Maven), Nov 15, 2022

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module
Critical: CVE-2022-42120 was published for com.liferay.portal:release.dxp.bom (Maven), Nov 15, 2022

Inefficient Regular Expression Complexity in Liferay Portal
High: CVE-2022-42124 was published for com.liferay.portal:release.portal.bom (Maven), Nov 15, 2022

Path Traversal in Liferay Portal
High: CVE-2022-42123 was published for com.liferay.portal:release.portal.bom (Maven), Nov 15, 2022

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
High: CVE-2022-42121 was published for com.liferay.portal:release.dxp.bom (Maven), Nov 15, 2022

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
Critical: CVE-2022-42122 was published for com.liferay.portal:release.dxp.bom (Maven), Nov 15, 2022

Apache Airflow Contains Open Redirect
Moderate: CVE-2022-45402 was published for apache-airflow (pip), Nov 15, 2022

Apache Jena vulnerable to Deserialization of Untrusted Data
Critical: CVE-2022-45136 was published for org.apache.jena:jena-sdb (Maven), Nov 14, 2022

Concrete CMS vulnerable to Cross-site Request Forgery
High: CVE-2022-43693 was published for concrete5/concrete5 (Composer), Nov 14, 2022

ProTip! Advisories are also available from the GraphQL API.