Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,860 advisories

Loading
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
Vaadin Platform possible file bypass via upload validation on the server-side Moderate
GHSA-c7v7-rqfm-f44j was published for com.vaadin:vaadin (Maven) Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side Moderate
GHSA-94g8-xv23-7656 was published for com.vaadin:vaadin-upload-flow (Maven) Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side Moderate
CVE-2025-9467 was published for com.vaadin:vaadin-server (Maven) Sep 4, 2025
Netty's decoders vulnerable to DoS via zip bomb style attack Moderate
CVE-2025-58057 was published for io.netty:netty-codec (Maven) Sep 3, 2025
yawkat
Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated Moderate
CVE-2025-58459 was published for org.jenkins-ci.plugins:global-build-stats (Maven) Sep 3, 2025
Jenkins Git client Plugin file system information disclosure vulnerability Moderate
CVE-2025-58458 was published for org.jenkins-ci.plugins:git-client (Maven) Sep 3, 2025
Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials Moderate
CVE-2025-58460 was published for io.jenkins.plugins:opentelemetry (Maven) Sep 3, 2025
Silverpeas Core Username Enumeration Vulnerability Moderate
CVE-2025-46047 was published for org.silverpeas.core:silverpeas-core (Maven) Sep 2, 2025
Liferay Portal allows improper access through the expandoTableLocalService Moderate
CVE-2025-43773 was published for com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl (Maven) Aug 29, 2025
XWiki PDF export jobs store sensitive cookies unencrypted in job statuses Moderate
CVE-2025-58049 was published for org.xwiki.platform:xwiki-platform-export-pdf-api (Maven) Aug 28, 2025
Liferay Portal allows unrestricted upload of file in the style books component Moderate
CVE-2025-43766 was published for com.liferay:com.liferay.style.book.web (Maven) Aug 23, 2025
Liferay Portal stored cross-site scripting in text field of the web content structure Moderate
CVE-2025-43765 was published for com.liferay:com.liferay.journal.service (Maven) Aug 23, 2025
Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect Moderate
CVE-2025-43767 was published for com.liferay:com.liferay.info.impl (Maven) Aug 23, 2025
Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet Moderate
CVE-2025-43764 was published for com.liferay:com.liferay.portal.workflow.kaleo.designer.web (Maven) Aug 23, 2025
Liferay Portal JSONWS API endpoint shares sensitive information Moderate
CVE-2025-43768 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Aug 23, 2025
Liferay Portal vulnerable to Stored XSS in Components portlet Moderate
CVE-2025-43769 was published for com.liferay:com.liferay.plugins.admin.web (Maven) Aug 23, 2025
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter Moderate
CVE-2025-43770 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Aug 23, 2025
Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry Moderate
CVE-2025-43758 was published for com.liferay:com.liferay.frontend.js.web (Maven) Aug 22, 2025
Liferay Portal users are able to add system admin portlets to pages Moderate
CVE-2025-43759 was published for com.liferay:com.liferay.layout.impl (Maven) Aug 22, 2025
Liferay Portal users can upload an unlimited amount of files Moderate
CVE-2025-43762 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Aug 22, 2025
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint Moderate
CVE-2025-43761 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Aug 22, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect Moderate
CVE-2025-43760 was published for com.liferay.portal:release.portal.bom (Maven) Aug 22, 2025
Liferay Portal User Enumeration Vulnerability via the Create Account Page Moderate
CVE-2025-43751 was published for com.liferay:com.liferay.login.web (Maven) Aug 22, 2025
JeecgBoot SQL Injection Vulnerability Moderate
CVE-2025-51825 was published for org.jeecgframework.boot:jeecg-boot-base-core (Maven) Aug 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database