GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
MantisBT: Stored XSS in print_all_bug_page_word.php
High
CVE-2026-62944
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: Injection of TIME_TRACKING and REMINDER Notes via REST and SOAP APIs
Moderate
CVE-2026-52883
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: REST and SOAP API Issue Update Accepts Unreleased Product Versions From Updaters
Moderate
CVE-2026-52882
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: Reflected XSS in admin/install.php via unescaped printf
Critical
CVE-2026-52881
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: Reflected XSS in admin/install.php
Critical
CVE-2026-52847
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: REST API unauthorized Issue status change
Moderate
CVE-2026-49280
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: Remote Code Execution via eval() Class Hoisting in adm_config_set.php
High
CVE-2026-49273
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: SOAP API Authentication Bypass with Privilege Escalation to Administrator
Critical
CVE-2026-47156
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: SQL Injection via history_order Configuration Value
High
CVE-2026-47142
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT Vulnerable to Stored XSS in File Download
High
CVE-2026-44657
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT has Stored XSS on Move Attachments Admin Page
High
CVE-2026-44655
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT has a Private Bugnote Attachment Content Leak via REST API
High
CVE-2026-42071
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
Moderate
CVE-2026-42070
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field
Moderate
CVE-2026-41897
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column
High
CVE-2026-40607
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page
Moderate
CVE-2026-40598
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT has a Content Security Policy bypass via attachments
High
CVE-2026-40597
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference
High
CVE-2026-40596
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values
Moderate
CVE-2026-39960
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked
Moderate
CVE-2026-34970
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API
Moderate
CVE-2026-34754
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue
Moderate
CVE-2026-34744
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT has an authorization bypass in private issue monitoring
Moderate
CVE-2026-34579
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
High
CVE-2026-34463
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
MantisBT Vulnerable to Privilege Escalation from Manager to Administrator
Moderate
CVE-2026-34390
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
ProTip!
Advisories are also available from the
GraphQL API