GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,933
Erlang
39
GitHub Actions
38
Go
2,595
Maven
5,000+
npm
4,247
NuGet
754
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+
6,047 advisories
Filter by severity
Liferay Portal and DXP are Missing Authorization in Collection Provider
Low
CVE-2025-62247
was published
for
com.liferay:com.liferay.search.experiences.service
(Maven)
Oct 22, 2025
Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS)
Moderate
CVE-2025-62248
was published
for
com.liferay:com.liferay.dynamic.data.mapping.web
(Maven)
Oct 22, 2025
Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Low
GHSA-gr7h-xw4f-wh86
was published
for
org.sakaiproject.kernel:sakai-kernel-impl
(Maven)
Oct 22, 2025
Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names
Low
CVE-2025-11966
was published
for
io.vertx:vertx-web
(Maven)
Oct 22, 2025
Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories
Moderate
CVE-2025-11965
was published
for
io.vertx:vertx-web
(Maven)
Oct 22, 2025
Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget
Moderate
CVE-2025-62249
was published
for
com.liferay.portal:com.liferay.portal.impl
(Maven)
Oct 21, 2025
Liferay Portal fails to verify messages from the cluster network is trusted
Moderate
CVE-2025-62250
was published
for
com.liferay:com.liferay.portal.cluster.multiple
(Maven)
Oct 21, 2025
Apache Syncope allows malicious administrators to inject Groovy code
High
CVE-2025-57738
was published
for
org.apache.syncope.core:syncope-core-spring
(Maven)
Oct 20, 2025
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
High
CVE-2025-47410
was published
for
org.apache.geode:geode-web
(Maven)
Oct 18, 2025
MCMS vulnerable SQL injection via the content_title parameter
Critical
CVE-2025-56316
was published
for
net.mingsoft:ms-mcms
(Maven)
Oct 17, 2025
Keycloak error_description injection on error pages that can trigger phishing attacks
Moderate
CVE-2025-10044
was published
for
org.keycloak:keycloak-account-ui
(Maven)
Oct 17, 2025
Mammoth is vulnerable to Directory Traversal
Moderate
CVE-2025-11849
was published
for
Mammoth
(Maven)
Oct 17, 2025
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection
High
CVE-2025-41253
was published
for
org.springframework.cloud:spring-cloud-gateway-server-webflux
(Maven)
Oct 16, 2025
Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
Moderate
CVE-2025-41254
was published
for
org.springframework:spring-websocket
(Maven)
Oct 16, 2025
GeoIP processor disables SSL certificate validation when downloading databases
Moderate
GHSA-3xgr-h5hq-7299
was published
for
org.opensearch.dataprepper.plugins:geoip-processor
(Maven)
Oct 15, 2025
OpenSearch Data Prepper uses deprecated SSL protocol identifier
Moderate
GHSA-28gg-8qqj-fhh5
was published
for
org.opensearch.dataprepper.plugins:geoip-processor
(Maven)
Oct 15, 2025
OpenSearch Data Prepper plugins trust all SSL certificates by default
High
CVE-2025-62371
was published
for
org.opensearch.dataprepper.plugins:opensearch
(Maven)
Oct 15, 2025
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery
High
CVE-2025-59419
was published
for
io.netty:netty-codec-smtp
(Maven)
Oct 15, 2025
Apache Spark has Inadequate Encryption Strength
Moderate
CVE-2025-55039
was published
for
org.apache.spark:spark-network-common_2.12
(Maven)
Oct 15, 2025
Apache Geode web-api is vulnerable to Cross-site Scripting
Moderate
CVE-2024-44088
was published
for
org.apache.geode:geode-web-api
(Maven)
Oct 14, 2025
Liferay has Incorrect Permission Assignment for Critical Resource
Moderate
CVE-2025-62251
was published
for
com.liferay:com.liferay.site.navigation.menu.item.asset.vocabulary
(Maven)
Oct 14, 2025
Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key
Moderate
CVE-2025-62252
was published
for
com.liferay.portal:com.liferay.portal.impl
(Maven)
Oct 13, 2025
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
Moderate
CVE-2025-62241
was published
for
com.liferay.commerce:com.liferay.commerce.order.content.web
(Maven)
Oct 13, 2025
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key
Moderate
CVE-2025-62242
was published
for
com.liferay:com.liferay.change.tracking.web
(Maven)
Oct 13, 2025
Liferay Mentions Web is Vulnerable to Cross-site Scripting
Moderate
CVE-2025-62246
was published
for
com.liferay:com.liferay.mentions.web
(Maven)
Oct 13, 2025
ProTip!
Advisories are also available from the
GraphQL API