An open index of Dependabot pull requests across open source projects.

Security Advisories

Browse security advisories and track which Dependabot PRs address them.

24,921 total advisories
1,821 with Dependabot PRs
3,520 critical severity
8,659 high severity

Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect
GHSA-6hj4-v2qp-cqr2 CVE-2025-43767 MODERATE 4 months ago
Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 ...
maven
No PRs yet
Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet
GHSA-23w4-rpc6-wpcc CVE-2025-43764 MODERATE 4 months ago
Self-ReDoS (Regular expression Denial of Service) exists in the Role Name search field of the Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 t...
maven
No PRs yet
Liferay Portal JSONWS API endpoint shares sensitive information
GHSA-cv9j-mg9w-v7wm CVE-2025-43768 MODERATE 4 months ago
Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 20...
maven
No PRs yet
Liferay Portal vulnerable to Stored XSS in Components portlet
GHSA-rvmf-jw8g-r35r CVE-2025-43769 MODERATE 4 months ago
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 t...
maven
No PRs yet
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
GHSA-h4m4-xp33-37mj CVE-2025-43770 MODERATE 4 months ago
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 20...
maven
No PRs yet
Liferay Portal users can upload an unlimited amount of files
GHSA-84pp-qr92-95c9 CVE-2025-43762 MODERATE 4 months ago
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 202...
maven
No PRs yet
Liferay Portal users are able to add system admin portlets to pages
GHSA-w3cr-3xw2-rp78 CVE-2025-43759 MODERATE 4 months ago
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 202...
maven
No PRs yet
Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry
GHSA-mm62-gwj5-j285 CVE-2025-43758 MODERATE 4 months ago
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 202...
maven
No PRs yet
Liferay Portal Reflected XSS in CKEditor 4.21.0 endpoint
GHSA-3h7r-4xxj-3mfm CVE-2025-43761 MODERATE 4 months ago
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 20...
maven npm
No PRs yet
Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect
GHSA-fvqv-593q-qp8r CVE-2025-43760 MODERATE 4 months ago
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 20...
maven
No PRs yet
Liferay Portal User Enumeration Vulnerability via the Create Account Page
GHSA-xwc5-q44v-p6gg CVE-2025-43751 MODERATE 4 months ago
User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13...
maven
No PRs yet
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
GHSA-vv6j-3g6g-2pvj MODERATE 4 months ago
### Summary Using the torch.utils._config_module.load_config function, a PyTorch library function, to execute a remote pickle file. ### Details...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
GHSA-vr7h-p6mm-wpmh MODERATE 4 months ago
### Summary Using the torch.jit.unsupported_tensor_ops.execWrapper function, a PyTorch library function, to execute a remote pickle file. ### D...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
GHSA-h3qp-7fh3-f8h4 MODERATE 4 months ago
### Summary Using the torch.utils.data.datapipes.utils.decoder.basichandlers function, a PyTorch library function, to execute a remote pickle fi...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
GHSA-f745-w6jp-hpxx MODERATE 4 months ago
### Summary Using the torch.utils.collect_env.run function, a PyTorch library function, to execute a remote pickle file. ### Details The attac...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
GHSA-f4x7-rfwp-v3xw MODERATE 4 months ago
### Summary Using the torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function, a PyTorch library function, to execu...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
GHSA-86cj-95qr-2p4f MODERATE 4 months ago
### Summary Using the torch._dynamo.guards.GuardBuilder.get function, a PyTorch library function, to execute a remote pickle file. ### Details ...
pypi
No PRs yet
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
GHSA-4r9r-ch6f-vxmx MODERATE 4 months ago
### Summary Using the torch.utils.bottleneck.__main__.run_cprofile function, a PyTorch library function, to execute a remote pickle file. ### ...
pypi
No PRs yet
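The seven Picklescan entries above all describe the same gap: a pickle that calls a PyTorch library function through the GLOBAL/REDUCE opcode pair is not flagged by a scanner that only recognizes a fixed list of dangerous globals, so each newly found callable needs its own signature. The Python below is an added illustration written for this page; it is not picklescan's or PyTorch's code, and the allowlist and denylist contents, the pickle builder and the placeholder argument are assumptions. It disassembles a pickle with pickletools (which never executes anything), contrasts the denylist verdict with an allowlist verdict, and gates actual loading through Unpickler.find_class so a non-allowlisted global is refused before any REDUCE can run.

```python
from __future__ import annotations

import io
import pickle
import pickletools

# Toy allowlist standing in for the globals a model loader legitimately needs
# (assumption; a real one is derived from the format you accept, e.g. torch.save output).
ALLOWLIST = {
    "collections.OrderedDict",
    "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage",
}

# Toy denylist in the style of a signature-based scanner (assumption, not picklescan's list).
DENYLIST = {"builtins.eval", "builtins.exec", "os.system", "subprocess.Popen"}


def make_reduce_pickle(module: str, name: str, args: tuple[str, ...] = ()) -> bytes:
    """Constructed sample: a protocol-2 pickle whose load would run module.name(*args).

    GLOBAL pushes the callable, MARK/BINUNICODE/TUPLE build the argument tuple and
    REDUCE performs the call. It is built here only to be scanned; it is loaded
    below only through the allowlisting unpickler.
    """
    out = bytearray(b"\x80\x02")                                   # PROTO 2
    out += b"c" + module.encode() + b"\n" + name.encode() + b"\n"  # GLOBAL module name
    out += b"("                                                    # MARK
    for a in args:
        raw = a.encode("utf-8")
        out += b"X" + len(raw).to_bytes(4, "little") + raw         # BINUNICODE arg
    out += b"t"                                                    # TUPLE (everything since MARK)
    out += b"R"                                                    # REDUCE -> callable(*args)
    out += b"."                                                    # STOP
    return bytes(out)


def imported_globals(data: bytes) -> list[str]:
    """List every 'module.name' the pickle would import, without executing it.

    pickletools.genops only disassembles; it never calls find_class or REDUCE.
    Handles GLOBAL (protocols 0-3) and STACK_GLOBAL (protocol 4+, where module
    and name are pushed as strings first).
    """
    found: list[str] = []
    strings: list[str] = []  # recent string pushes, consumed by STACK_GLOBAL
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)  # genops renders the pair as "module name"
            found.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL":
            found.append(f"{strings[-2]}.{strings[-1]}")
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
                         "STRING", "BINSTRING", "SHORT_BINSTRING"):
            strings.append(arg)
    return found


def denylist_flags(data: bytes) -> bool:
    """Signature-style verdict: True only if a known-bad global appears."""
    return any(g in DENYLIST for g in imported_globals(data))


def unexpected_globals(data: bytes) -> list[str]:
    """Allowlist-style verdict: every imported global the loader did not expect."""
    return [g for g in imported_globals(data) if g not in ALLOWLIST]


class AllowlistUnpickler(pickle.Unpickler):
    """Enforce the allowlist at load time; find_class runs before any REDUCE."""

    def find_class(self, module, name):
        full = f"{module}.{name}"
        if full not in ALLOWLIST:
            raise pickle.UnpicklingError(f"global {full!r} is not allowlisted")
        return super().find_class(module, name)


def load_allowlisted(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the allowlisting loader refuses the pickle (nothing was executed)."""
    try:
        load_allowlisted(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    benign = make_reduce_pickle("collections", "OrderedDict")
    classic = make_reduce_pickle("os", "system", ("id",))
    # The vector the advisories above describe: a PyTorch helper absent from the denylist.
    # The argument is a placeholder; what the real function would receive is not modelled.
    torch_fn = make_reduce_pickle("torch.utils._config_module", "load_config",
                                  ("<attacker-controlled argument>",))
    for label, p in (("benign", benign), ("classic", classic), ("torch_fn", torch_fn)):
        print(label, imported_globals(p), "denylist:", denylist_flags(p),
              "unexpected:", unexpected_globals(p), "rejected:", is_rejected(p))
```

The static scan is a triage aid, not the control: the load-time gate in find_class is what actually stops the call, because it fires when the GLOBAL or STACK_GLOBAL opcode is processed and the callable is never placed on the stack. A denylist, by contrast, has to be extended once per discovered helper, which is exactly the pattern the advisory series above shows.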
Dpanel has an arbitrary file read vulnerability
GHSA-gcqf-pxgg-gw8q CVE-2025-53363 MODERATE 4 months ago
### Summary Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface. Logged in to Dpanel, this interface can ...
go
No PRs yet
JeecgBoot SQL Injection Vulnerability
GHSA-gj8w-ffq9-6828 CVE-2025-51825 MODERATE 4 months ago
JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endp...
maven
No PRs yet
Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability
GHSA-jfcv-jv9g-2vx2 CVE-2025-9341 MODERATE 4 months ago
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules) allows...
maven
No PRs yet
Liferay Portal's Unlimited File Upload Could Result in DoS
GHSA-qpp6-f3qj-rggq CVE-2025-43752 MODERATE 4 months ago
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 202...
maven
No PRs yet
Liferay Portal Username Enumeration Vulnerability
GHSA-x7p4-v8mj-6fxx CVE-2025-43754 MODERATE 4 months ago
Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q...
maven
No PRs yet
Mattermost has Potential Server Crash due to Unvalidated Import Data
GHSA-h469-4fcf-p23h CVE-2025-8402 MODERATE 4 months ago
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which ...
go
No PRs yet
Mattermost Fails to Sanitize File Names
GHSA-pj6f-rc94-gw53 CVE-2025-6465 MODERATE 4 months ago
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with fi...
go
No PRs yet
Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter
GHSA-q2gv-w583-f2vq CVE-2025-43756 MODERATE 4 months ago
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 throu...
maven
No PRs yet
Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter
GHSA-58cq-8wm2-6m87 CVE-2025-43755 MODERATE 4 months ago
A stored cross-site scripting vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.1...
maven
No PRs yet
vite-plugin-static-copy files not included in `src` can be accessed with a crafted request
GHSA-pp7p-q8fx-2968 CVE-2025-57753 MODERATE 4 months ago
### Summary Files not included in `src` were accessible with a crafted request. ### Impact Only apps explicitly exposing the Vite dev ser...
npm
6 Dependabot PRs
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
GHSA-2464-8j7c-4cjm MODERATE 4 months ago
### Summary Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields. ...
go
No PRs yet
UnoPim vulnerable to CSRF on Product edit feature and creation of other types
GHSA-287x-6r2h-f9mw CVE-2025-55744 MODERATE 4 months ago
### Summary Some of the application's endpoints are vulnerable to Cross-Site Request Forgery (CSRF). | Method | Endpoint | Status | Reason | ...
packagist
No PRs yet
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality
GHSA-xr97-25v7-hc2q CVE-2025-55742 MODERATE 4 months ago
### Summary Affected Functionality: User creation Endpoint: `/admin/settings/users/create` ### Details https://github.com/unopim/unopim/blob/a0dc8...
packagist
No PRs yet
Mattermost Fails to Sanitize Path Traversal Sequences
GHSA-x67c-v8jr-p29r CVE-2025-8023 MODERATE 4 months ago
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize path traversal sequences in template ...
go
No PRs yet
Mattermost Fails to Validate File Paths
GHSA-gq3r-5833-5532 CVE-2025-36530 MODERATE 4 months ago
Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin impo...
go
No PRs yet
Mattermost Fails to Validate Remote Cluster Upload Sessions
GHSA-q453-638c-h4mr CVE-2025-49222 MODERATE 4 months ago
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2, 10.10.x <= 10.10.0 fail to validate upload types in re...
go
No PRs yet
Mattermost Does Not Sanitize the Team Invite ID
GHSA-qj47-w9f2-qg44 CVE-2025-47870 MODERATE 4 months ago
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize the team invite ID in the POST /api/v...
go
No PRs yet
Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter
GHSA-62pf-hcwj-rcfc CVE-2025-43757 MODERATE 4 months ago
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 20...
maven
No PRs yet
Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping
GHSA-mpww-r37c-vxjw CVE-2025-43746 MODERATE 4 months ago
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 20...
maven
No PRs yet
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
GHSA-ggjm-f3g4-rwmm CVE-2025-57749 MODERATE 4 months ago
### Impact A symlink traversal vulnerability was discovered in the `Read/Write File` node in n8n. While the node attempts to restrict access to sen...
npm
No PRs yet
elysia-cors Origin Validation Error
GHSA-f9qj-4c5x-cpcw CVE-2025-50864 MODERATE 4 months ago
An Origin Validation Error in the elysia-cors library through 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The ...
npm
No PRs yet
Liferay Portal Unvalidated File Upload
GHSA-56qj-wp5r-mvhj CVE-2025-43750 MODERATE 4 months ago
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 202...
maven
No PRs yet
Liferay Portal Unauthenticated File Access via URL
GHSA-5fx5-cff6-f3fp CVE-2025-43749 MODERATE 4 months ago
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 202...
maven
No PRs yet
CRI-O has Potential High Memory Consumption from File Read
GHSA-8f93-j3fx-72f3 CVE-2025-4437 MODERATE 4 months ago
There is a vulnerability in the CRI-O application where, when a container is launched with securityContext.runAsUser specifying a non-existent user, CR...
go
No PRs yet
Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter
GHSA-j6p8-g3rj-ghpm CVE-2025-43741 MODERATE 4 months ago
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 20...
maven
No PRs yet
Liferay Portal Vulnerable to Cross-Site Scripting through URLs
GHSA-3fp2-6mwq-4q3j CVE-2025-43742 MODERATE 4 months ago
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 20...
maven
No PRs yet
Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java
GHSA-hf86-8x8v-h7vc CVE-2024-39954 MODERATE 4 months ago
Server-Side Request Forgery (SSRF) in the eventmesh-runtime module in WebhookUtil.java on Windows, Linux and macOS allows an attacker to abuse funct...
maven
No PRs yet
Default Credentials in nginx-defender Configuration Files
GHSA-pr72-8fxw-xx22 CVE-2025-55740 MODERATE 4 months ago
### Impact This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files [config.yaml](https://github.co...
go
No PRs yet
Liferay Portal Enumeration Discrepancy in Calendars
GHSA-g4vp-4gqr-7v8c CVE-2025-43743 MODERATE 4 months ago
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 202...
maven
No PRs yet
Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels
GHSA-m49p-6cjp-x2h3 CVE-2025-43744 MODERATE 4 months ago
A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5,...
maven
No PRs yet
Liferay Portal CSRF Vulnerability via Endpoint Parameter
GHSA-7q33-gwcm-r6cj CVE-2025-43745 MODERATE 4 months ago
A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4....
maven
No PRs yet
Liferay Portal Vulnerable to Cross-Site Scripting via backURL Parameter
GHSA-vjwr-cqwf-6q96 CVE-2025-43737 MODERATE 4 months ago
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 thr...
maven
No PRs yet