Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,356
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,989 advisories

Loading
Liferay Portal and Liferay DXP vulnerable to theft of hashed password Moderate
CVE-2024-26270 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP User Enumeration Vulnerability Moderate
CVE-2024-26268 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal vulnerable to Denial of Service Moderate
CVE-2024-26265 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Liferay Portal has a Stored XSS with Blog entries (Insecure defaults) Critical
CVE-2024-25610 was published for com.liferay.portal:com.liferay.portal.web (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions Moderate
CVE-2024-26267 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Arbitrary File Read Vulnerability in Apache Dolphinscheduler High
CVE-2023-51770 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Liferay Portal defaults to a low work factor for the default password hashing algorithm High
CVE-2024-25607 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Feb 20, 2024
Session Fixation Apache DolphinScheduler Moderate
CVE-2023-50270 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
oscerd Credited to oscerd
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes Moderate
CVE-2024-25609 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character Moderate
CVE-2024-25608 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Improper Certificate Validation in Apache DolphinScheduler High
CVE-2023-49250 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Remote Code Execution in Apache Dolphinscheduler Critical
CVE-2023-49109 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Liferay Portal has an XXE vulnerability in Java2WsddTask._format High
CVE-2024-25606 was published for com.liferay.portal:com.liferay.util.java (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API Moderate
CVE-2024-25605 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions Moderate
CVE-2024-25604 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options Moderate
CVE-2024-25149 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel Moderate
CVE-2024-25150 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page Moderate
CVE-2023-44308 was published for com.liferay:com.liferay.adaptive.media.web (Maven) Feb 20, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd Credited to oscerd
Privilege escalation in Liferay Portal Moderate
CVE-2022-45320 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page Moderate
CVE-2023-5190 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Cross-site Scripting in electron-pdf High
CVE-2024-1648 was published for electron-pdf (npm) Feb 20, 2024
Cross-site Scripting in Pyhtml2pdf High
CVE-2024-1647 was published for pyhtml2pdf (pip) Feb 20, 2024
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database