Vulnerability Database
Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-876g-49r6-33qj | Maven/com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl | Liferay Portal allows improper access through the expandoTableLocalService | yesterday | Fix available; Severity - 4.6 (Medium) |
| GHSA-hq8m-v68g-8cf8 | Maven/org.opencastproject:opencast-user-interface-configuration | Opencast has a partial path traversal vulnerability in UI config | yesterday | Fix available; Severity - 2.7 (Low) |
| GHSA-w48j-pp7j-fj55 | Maven/com.ritense.valtimo:core | Valtimo scripting engine can be used to gain access to sensitive data or resources | 2 days ago | Fix available; Severity - 9.1 (Critical) |
| GHSA-9m7c-m33f-3429 | Maven/org.xwiki.platform:xwiki-platform-export-pdf-api | XWiki PDF export jobs store sensitive cookies unencrypted in job statuses | 2 days ago | Fix available; Severity - 5.8 (Medium) |
| GHSA-5c4f-pxmx-xcm4 | Maven/org.apache.cassandra:cassandra-all | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) | 5 days ago | Fix available; Severity - 8.8 (High) |
| GHSA-h8gx-4hhm-w45v | Maven/com.liferay:com.liferay.journal.service | Liferay Portal stored cross-site scripting in text field of the web content structure | 23 Aug | Fix available; Severity - 6.9 (Medium) |
| GHSA-mf9q-87xx-jgvv | Maven/com.liferay:com.liferay.style.book.web | Liferay Portal allows unrestricted upload of file in the style books component | 23 Aug | Fix available; Severity - 6.8 (Medium) |
| GHSA-23w4-rpc6-wpcc | Maven/com.liferay:com.liferay.portal.workflow.kaleo.designer.web | Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet | 23 Aug | Fix available; Severity - 6.9 (Medium) |
| GHSA-6hj4-v2qp-cqr2 | Maven/com.liferay:com.liferay.info.impl | Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect | 23 Aug | Fix available; Severity - 5.1 (Medium) |
| GHSA-cv9j-mg9w-v7wm | Maven/com.liferay.portal:com.liferay.portal.impl | Liferay Portal JSONWS API endpoint shares sensitive information | 23 Aug | Fix available; Severity - 5.1 (Medium) |
| GHSA-h4m4-xp33-37mj | Maven/com.liferay.portal:com.liferay.portal.kernel | Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter | 23 Aug | Fix available; Severity - 6.9 (Medium) |
| GHSA-rvmf-jw8g-r35r | Maven/com.liferay:com.liferay.plugins.admin.web | Liferay Portal vulnerable to Stored XSS in Components portlet | 23 Aug | Fix available; Severity - 4.6 (Medium) |
| GHSA-3h7r-4xxj-3mfm | Maven/com.liferay:com.liferay.frontend.editor.ckeditor.web, Maven/com.liferay:com.liferay.frontend.js.dependencies.web, npm/liferay-ckeditor | Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint | 22 Aug | Fix available; Severity - 6.9 (Medium) |
| GHSA-84pp-qr92-95c9 | Maven/com.liferay:com.liferay.dynamic.data.mapping.form.web, Maven/com.liferay:com.liferay.dynamic.data.mapping.form.field.type | Liferay Portal users can upload an unlimited amount of files | 22 Aug | Fix available; Severity - 5.3 (Medium) |
| GHSA-mm62-gwj5-j285 | Maven/com.liferay:com.liferay.frontend.js.web, Maven/com.liferay:com.liferay.object.dynamic.data.mapping.form.field.type, Maven/com.liferay:com.liferay.object.web | Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry | 22 Aug | Fix available; Severity - 5.3 (Medium) |
| GHSA-w3cr-3xw2-rp78 | Maven/com.liferay:com.liferay.layout.impl | Liferay Portal users are able to add system admin portlets to pages | 22 Aug | Fix available; Severity - 6.7 (Medium) |
Maven - OSV