GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components
Critical
CVE-2023-44309
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page
Critical
CVE-2023-42629
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page
Critical
CVE-2023-42497
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module
Critical
CVE-2023-42627
was published
for
com.liferay.commerce:com.liferay.commerce.address.content.web
(Maven)
Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget
Critical
CVE-2023-42628
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu
Critical
CVE-2023-44310
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class
Critical
CVE-2023-44311
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Oct 17, 2023
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax
Critical
CVE-2025-53835
was published
for
org.xwiki.rendering:xwiki-rendering-syntax-xhtml
(Maven)
Jul 14, 2025
org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content
Critical
CVE-2025-46558
was published
for
org.xwiki.contrib.markdown:syntax-markdown-commonmark12
(Maven)
Apr 30, 2025
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2023-47795
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-40191
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Critical
CVE-2024-26269
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-26266
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25603
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-42498
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-42496
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
XWiki Platform allows XSS through XClass name in string properties
Critical
CVE-2024-43400
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Aug 19, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical
CVE-2024-41947
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jul 31, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25601
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25602
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Critical
CVE-2024-25147
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25152
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal stored cross-site scripting (XSS) vulnerability
Critical
CVE-2024-25145
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 7, 2024
Liferay Portal XSS with `p_l_back_url_title` on edit content page
Critical
CVE-2023-47797
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 17, 2023
ProTip!
Advisories are also available from the
GraphQL API