com.liferay:com.liferay.portal.vulcan.impl

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.liferay:com.liferay.portal.vulcan.implpage 1 of 1

CVE-2025-3602HIGHCVSS 7.5EG 7.5✓ Fixed in 5.0.103
2025-06-16
vulnerable: 1.0.0 ... 5.0.99 (419 versions)
Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remo…
CVE-2025-43786MEDIUMCVSS 5.3EG 5.3✓ Fixed in 5.0.127
2025-09-09
vulnerable: 5.0.10 ... 5.0.99 (120 versions)
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers…
CVE-2025-43816HIGHCVSS 7.5EG 7.5✓ Fixed in 5.0.115
2025-09-25
vulnerable: 1.0.0 ... 5.0.99 (431 versions)
A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.…

Check whether com.liferay:com.liferay.portal.vulcan.impl is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.liferay:com.liferay.portal.vulcan.impl CVEs against the assets you own.

Start Free Scan →