GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
XWiki Platform allows XSS through XClass name in string properties
Critical
CVE-2024-43400
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Aug 19, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical
CVE-2024-41947
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jul 31, 2024
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2023-47795
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Critical
CVE-2024-26269
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-26266
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25603
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25152
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-40191
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25602
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-42496
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25601
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Critical
CVE-2024-25147
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-42498
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal stored cross-site scripting (XSS) vulnerability
Critical
CVE-2024-25145
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 7, 2024
Liferay Portal XSS with `p_l_back_url_title` on edit content page
Critical
CVE-2023-47797
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 17, 2023
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Critical
CVE-2023-46732
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Nov 8, 2023
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
Critical
CVE-2023-45137
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Critical
CVE-2023-45136
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Oct 25, 2023
XWiki Platform XSS vulnerability from account in the create page form via template provider
Critical
CVE-2023-45134
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Critical
CVE-2023-37908
was published
for
org.xwiki.rendering:xwiki-rendering-xml
(Maven)
Oct 25, 2023
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Critical
CVE-2023-45144
was published
for
com.xwiki.identity-oauth:identity-oauth-ui
(Maven)
Oct 17, 2023
XWiki Change Request Application UI XSS and remote code execution through change request title
Critical
CVE-2023-45138
was published
for
org.xwiki.contrib.changerequest:application-changerequest-ui
(Maven)
Oct 17, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical
CVE-2023-36471
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Jun 30, 2023
XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages
Critical
CVE-2023-36477
was published
for
org.xwiki.contrib:application-ckeditor-ui
(Maven)
Jun 30, 2023
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Critical
CVE-2022-4361
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 30, 2023
ProTip!
Advisories are also available from the
GraphQL API