- How many CVEs does Liferay have?
- Liferay has 341 published CVE records since 2005, including 144 in the last two years.
- How many Liferay CVEs are in CISA KEV?
- Yes — 1 of Liferay's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Liferay products have the most CVEs?
- The Liferay products with the most published CVEs are liferay_portal, liferay-portal, digital_experience_platform, DXP, Portal.
- What are the most common weakness types in Liferay CVEs?
- Liferay's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-639 (Authorization Bypass Through User-Controlled Key), CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')).
- Are there public exploits for Liferay vulnerabilities?
- Yes — 23 of Liferay's CVEs have a known public exploit.
- How many critical Liferay vulnerabilities are there?
- Liferay has 29 critical and 44 high-severity CVEs.
- What is the average severity of Liferay CVEs?
- The average CVSS base score across Liferay's scored CVEs is 6.0.