Browse Security Advisories
High Security Advisories for com.liferay.portal:release.dxp.bom Clear Filters
High
11 months ago
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
11 months ago
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
11 months ago
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 1 year ago
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:com.liferay.portal.impl
High
over 1 year ago
Liferay Portal defaults to a low work factor for the default password hashing algorithm
maven
com.liferay.portal:com.liferay.portal.kernel, com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
High
over 1 year ago
Liferay Portal has an XXE vulnerability in Java2WsddTask._format
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom, com.liferay.portal:com.liferay.util.java
High
over 1 year ago
Liferay Portal vulnerable to user impersonation
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
about 2 years ago
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
almost 3 years ago
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.layout.page.template.service
High
over 3 years ago
Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:com.liferay.portal.impl
High
over 3 years ago
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal and Liferay DXP autosaves form data for other users to see
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.dynamic.data.mapping.form.web
High
over 3 years ago
Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal and Liferay DXP fails to properly import users from LDAP
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.portal.security.ldap.impl
Filter by Severity
Filter by Ecosystem
maven
2,242
pypi
1,801
npm
1,643
packagist
1,454
go
1,017
nuget
1,015
cargo
391
rubygems
305
swift
18
actions
18
hex
10
pub
5
Filter by Package
Microsoft.ChakraCore
234
tensorflow
122
tensorflow-gpu
119
tensorflow-cpu
115
magento/community-edition
81
moodle/moodle
61
org.jenkins-ci.main:jenkins-core
56
Django
49
com.fasterxml.jackson.core:jackson-databind
43
typo3/cms
42
dolibarr/dolibarr
34
Plone
33
drupal/core
33
librenms/librenms
32
org.apache.tomcat:tomcat
31
mlflow
30
pimcore/pimcore
30
github.com/rancher/rancher
29
drupal/drupal
29
salt
29
typo3/cms-core
29
apache-airflow
29
phpmyadmin/phpmyadmin
28
microweber/microweber
27
nokogiri
26
magento/project-community-edition
25
ansible
24
org.apache.struts:struts2-core
24
com.liferay.portal:release.portal.bom
23
opencv-contrib-python
23
opencv-python
23
org.apache.tomcat.embed:tomcat-embed-core
22
symfony/symfony
22
com.thoughtworks.xstream:xstream
22
com.jfinal:jfinal
21
thorsten/phpmyfaq
20
org.jenkins-ci.plugins:script-security
20
matrix-synapse
20
django
20
Pillow
19
com.liferay.portal:release.dxp.bom
19
github.com/hashicorp/vault
18
pocketmine/pocketmine-mp
18
pillow
18
Microsoft.AspNetCore.App.Runtime.win-x86
17
gradio
17
github.com/grafana/grafana
17
rdiffweb
17
Microsoft.AspNetCore.App.Runtime.win-x64
17
openssl-src
17
io.undertow:undertow-core
17
getgrav/grav
16
Microsoft.AspNetCore.App.Runtime.win-arm
16
parse-server
16
keystone
15
org.xwiki.platform:xwiki-platform-oldcore
15
github.com/hashicorp/consul
15
nilsteampassnet/teampass
15
Microsoft.AspNetCore.App.Runtime.win-arm64
15
open-webui
15
Microsoft.AspNetCore.App.Runtime.osx-x64
14
net.mingsoft:ms-mcms
14
centreon/centreon
14
vyper
14
Microsoft.AspNetCore.App.Runtime.linux-arm
14
Microsoft.AspNetCore.App.Runtime.linux-arm64
14
org.keycloak:keycloak-core
14
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
14
Microsoft.AspNetCore.App.Runtime.linux-musl-x64
14
github.com/usememos/memos
14
Microsoft.AspNetCore.App.Runtime.linux-x64
14
craftcms/cms
14
Microsoft.NetCore.App.Runtime.win-x86
14
Microsoft.NetCore.App.Runtime.win-x64
14
Microsoft.NetCore.App.Runtime.win-arm64
14
shopware/platform
14
Microsoft.NetCore.App.Runtime.win-arm
14
org.keycloak:keycloak-services
13
rubygems-update
13
apache-superset
13
org.apache.solr:solr-core
13
silverstripe/framework
13
mindsdb
13
electron
13
golang.org/x/net
13
mautic/core
13
org.apache.openmeetings:openmeetings-parent
12
phpoffice/phpspreadsheet
12
phpoffice/phpexcel
12
baserproject/basercms
12
activerecord
12
shopware/core
12
github.com/hashicorp/nomad
11
github.com/zitadel/zitadel
11
intelliants/subrion
11
next
11
cockpit-hq/cockpit
11
github.com/nats-io/nats-server/v2
11
directus
11
actionpack
11
gogs.io/gogs
11
org.keycloak:keycloak-parent
11
froxlor/froxlor
11
deno
10
github.com/traefik/traefik/v2
10
snipe/snipe-it
10
github.com/argoproj/argo-cd
10
surrealdb
10
k8s.io/kubernetes
10
funadmin/funadmin
10
org.springframework.security:spring-security-core
10
Microsoft.AspNetCore.App.Runtime.linux-musl-arm
10
nova
10
laravel/framework
10
github.com/ollama/ollama
10
openmage/magento-lts
10
litellm
9
org.cloudfoundry.identity:cloudfoundry-identity-server
9
org.bouncycastle:bcprov-jdk14
9
org.apache.nifi:nifi
9
lollms
9
Microsoft.NetCore.App.Runtime.osx-x64
9
Microsoft.NetCore.App.Runtime.osx-arm64
9
mercurial
9
Microsoft.NetCore.App.Runtime.linux-x64
9
Microsoft.NetCore.App.Runtime.linux-musl-x64
9
Microsoft.NetCore.App.Runtime.linux-musl-arm64
9
Microsoft.NetCore.App.Runtime.linux-musl-arm
9
neutron
9
Microsoft.NetCore.App.Runtime.linux-arm64
9
Microsoft.NetCore.App.Runtime.linux-arm
9
cobbler
9
org.apache.geode:geode-core
9
ckb
9
org.apache.struts.xwork:xwork-core
9
org.apache.hadoop:hadoop-main
9
zendframework/zendframework1
9
org.apache.tomcat:tomcat-catalina
9
h2o
9
github.com/ethereum/go-ethereum
9
rusqlite
9
aim
9
composer/composer
8
rack
8
github.com/argoproj/argo-cd/v2
8
plone
8
Microsoft.NETCore.App.Runtime.win-arm64
8
october/system
8
org.craftercms:crafter-studio
8
org.bouncycastle:bcprov-jdk15
8
Microsoft.NETCore.App.Runtime.win-x64
8
ai.h2o:h2o-core
8
org.apache.tomcat:tomcat-coyote
8
pyload-ng
8
phpbb/phpbb
8
github.com/docker/docker
8
smarty/smarty
8
org.eclipse.jetty:jetty-server
8
cryptography
8
org.jenkins-ci.plugins.workflow:workflow-cps
8
github.com/sylabs/singularity
8
yeswiki/yeswiki
8
Microsoft.NETCore.App.Runtime.win-x86
8
moin
8
Microsoft.AspNetCore.App.Runtime.osx-arm64
8
codeigniter4/framework
7
cn.hutool:hutool-core
7
com.xuxueli:xxl-job
7
github.com/filebrowser/filebrowser/v2
7
zendframework/zendframework
7
mantisbt/mantisbt
7
ryu
7
DotNetNuke.Core
7
org.springframework:spring-core
7
tar
7
symfony/security-http
7
org.apache.inlong:manager-pojo
7
org.elasticsearch:elasticsearch
7
magento/core
7
flowise
7
OPCFoundation.NetStandard.Opc.Ua.Core
7
apollo-router
7
contao/core-bundle
7
strapi
7
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
7
k8s.io/ingress-nginx
7
golang.org/x/crypto
7
symfony/security
7
opencv-contrib-python-headless
7
@strapi/strapi
7
opencv-python-headless
7
phpmailer/phpmailer
7
cakephp/cakephp
7
sequelize
6
Microsoft.NETCore.App
6
github.com/kyverno/kyverno
6
billz/raspap-webgui
6
github.com/gravitl/netmaker
6
matrix-js-sdk
6
prestashop/prestashop
6