Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,047 advisories

Loading
Liferay Portal and DXP are Missing Authorization in Collection Provider Low
CVE-2025-62247 was published for com.liferay:com.liferay.search.experiences.service (Maven) Oct 22, 2025
Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS) Moderate
CVE-2025-62248 was published for com.liferay:com.liferay.dynamic.data.mapping.web (Maven) Oct 22, 2025
Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl Low
GHSA-gr7h-xw4f-wh86 was published for org.sakaiproject.kernel:sakai-kernel-impl (Maven) Oct 22, 2025
Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names Low
CVE-2025-11966 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories Moderate
CVE-2025-11965 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget Moderate
CVE-2025-62249 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 21, 2025
Liferay Portal fails to verify messages from the cluster network is trusted Moderate
CVE-2025-62250 was published for com.liferay:com.liferay.portal.cluster.multiple (Maven) Oct 21, 2025
Apache Syncope allows malicious administrators to inject Groovy code High
CVE-2025-57738 was published for org.apache.syncope.core:syncope-core-spring (Maven) Oct 20, 2025
MCMS vulnerable SQL injection via the content_title parameter Critical
CVE-2025-56316 was published for net.mingsoft:ms-mcms (Maven) Oct 17, 2025
Keycloak error_description injection on error pages that can trigger phishing attacks Moderate
CVE-2025-10044 was published for org.keycloak:keycloak-account-ui (Maven) Oct 17, 2025
Mammoth is vulnerable to Directory Traversal Moderate
CVE-2025-11849 was published for Mammoth (Maven) Oct 17, 2025
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection High
CVE-2025-41253 was published for org.springframework.cloud:spring-cloud-gateway-server-webflux (Maven) Oct 16, 2025
Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages Moderate
CVE-2025-41254 was published for org.springframework:spring-websocket (Maven) Oct 16, 2025
GeoIP processor disables SSL certificate validation when downloading databases Moderate
GHSA-3xgr-h5hq-7299 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) Oct 15, 2025
OpenSearch Data Prepper uses deprecated SSL protocol identifier Moderate
GHSA-28gg-8qqj-fhh5 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) Oct 15, 2025
OpenSearch Data Prepper plugins trust all SSL certificates by default High
CVE-2025-62371 was published for org.opensearch.dataprepper.plugins:opensearch (Maven) Oct 15, 2025
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery High
CVE-2025-59419 was published for io.netty:netty-codec-smtp (Maven) Oct 15, 2025
DepthFirstDisclosures
Credited to DepthFirstDisclosures
Apache Spark has Inadequate Encryption Strength Moderate
CVE-2025-55039 was published for org.apache.spark:spark-network-common_2.12 (Maven) Oct 15, 2025
Apache Geode web-api is vulnerable to Cross-site Scripting Moderate
CVE-2024-44088 was published for org.apache.geode:geode-web-api (Maven) Oct 14, 2025
Liferay has Incorrect Permission Assignment for Critical Resource Moderate
CVE-2025-62251 was published for com.liferay:com.liferay.site.navigation.menu.item.asset.vocabulary (Maven) Oct 14, 2025
Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62252 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 13, 2025
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62241 was published for com.liferay.commerce:com.liferay.commerce.order.content.web (Maven) Oct 13, 2025
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Liferay Mentions Web is Vulnerable to Cross-site Scripting Moderate
CVE-2025-62246 was published for com.liferay:com.liferay.mentions.web (Maven) Oct 13, 2025
ProTip! Advisories are also available from the GraphQL API