com.liferay.portal:com.liferay.portal.impl vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-62276Mediumcom.liferay:com.liferay.adaptive.media.web: Liferay Portal and DXP use an incorrect cache-control headerCVE-2025-62261Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Stores Password Reset Tokens in Plain TextCVE-2025-62254Mediumcom.liferay.portal:com.liferay.portal.impl: Liferay Portal ComboServlet denial of service via large file combinationCVE-2025-62249Mediumcom.liferay.portal:com.liferay.portal.impl: Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gagetCVE-2025-62252Mediumcom.liferay.portal:com.liferay.portal.impl: Liferay is Vulnerable to Authorization Bypass Through User-Controlled KeyCVE-2025-43813Mediumcom.liferay.portal:release.portal.bom: Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServletCVE-2025-43809Mediumcom.liferay.portal:com.liferay.portal.impl: Liferay Portal Cross-Site Request Forgery (CSRF) vulnerabilityCVE-2025-43801Mediumcom.liferay.portal:com.liferay.portal.impl: Liferay Portal has unchecked input for loop condition vulnerability in XML-RPCCVE-2025-43793Mediumcom.liferay.portal:com.liferay.portal.impl: Liferay Portal has Improper Validation of Specified Quantity in InputCVE-2025-43794Mediumcom.liferay.portal:com.liferay.portal.impl: Liferay Portal has stored cross-site scripting (XSS) vulnerabilityCVE-2025-43768Mediumcom.liferay.portal:com.liferay.portal.impl: Liferay Portal JSONWS API endpoint shares sensitive informationCVE-2025-43735Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerabilityCVE-2021-29050Highcom.liferay.portal:com.liferay.portal.impl: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use PageCVE-2022-41414Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Insecure Default Configuration in auth.login.prompt.enabledCVE-2021-33322Highcom.liferay.portal:com.liferay.portal.impl: Liferay Portal and Liferay DXP fails to invalidate password reset tokens after useCVE-2021-33321Highcom.liferay.portal:com.liferay.portal.impl: Liferay Portal and Liferay DXP insecure default configurationCVE-2020-15840Mediumcom.liferay.portal:com.liferay.portal.impl: Liferay Portal and Liferay DXP Bypass via Double Encoded URLCVE-2022-26595Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP fails to check permissions to view sites/groups

Stop the waste.
Protect your environment with Kodem.