Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

42 advisories

Loading
MantisBT: Stored XSS in print_all_bug_page_word.php High
CVE-2026-62944 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
dracosectech-code Credited to dracosectech-code and dregad dregad dregad
MantisBT: Injection of TIME_TRACKING and REMINDER Notes via REST and SOAP APIs Moderate
CVE-2026-52883 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
byteoverride Credited to byteoverride and dregad dregad dregad
MantisBT: REST and SOAP API Issue Update Accepts Unreleased Product Versions From Updaters Moderate
CVE-2026-52882 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
dregad Credited to dregad
MantisBT: Reflected XSS in admin/install.php via unescaped printf Critical
CVE-2026-52881 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
McCaulay Credited to McCaulay and dregad dregad dregad
MantisBT: Reflected XSS in admin/install.php Critical
CVE-2026-52847 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
McCaulay Credited to McCaulay and dregad dregad dregad
MantisBT: REST API unauthorized Issue status change Moderate
CVE-2026-49280 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
dregad Credited to dregad and mamdouhmahfouz mamdouhmahfouz mamdouhmahfouz
MantisBT: Remote Code Execution via eval() Class Hoisting in adm_config_set.php High
CVE-2026-49273 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
McCaulay Credited to McCaulay and dregad dregad dregad
MantisBT: SOAP API Authentication Bypass with Privilege Escalation to Administrator Critical
CVE-2026-47156 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
McCaulay Credited to McCaulay, dregad, tyage, voraci0us, chndlrx, and bharatdevasani dregad dregad
tyage tyage voraci0us voraci0us chndlrx chndlrx bharatdevasani bharatdevasani
MantisBT: SQL Injection via history_order Configuration Value High
CVE-2026-47142 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
McCaulay Credited to McCaulay and dregad dregad dregad
MantisBT Vulnerable to Stored XSS in File Download High
CVE-2026-44657 was published for mantisbt/mantisbt (Composer) May 11, 2026
siunam321 Credited to siunam321 and dregad dregad dregad
MantisBT has Stored XSS on Move Attachments Admin Page High
CVE-2026-44655 was published for mantisbt/mantisbt (Composer) May 11, 2026
dregad Credited to dregad
MantisBT has a Private Bugnote Attachment Content Leak via REST API High
CVE-2026-42071 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304, TristanInSec, dregad, and siunam321 TristanInSec TristanInSec
dregad dregad siunam321 siunam321
MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API Moderate
CVE-2026-42070 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304, TristanInSec, and dregad TristanInSec TristanInSec
dregad dregad
MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field Moderate
CVE-2026-41897 was published for mantisbt/mantisbt (Composer) May 11, 2026
siunam321 Credited to siunam321 and dregad dregad dregad
MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column High
CVE-2026-40607 was published for mantisbt/mantisbt (Composer) May 11, 2026
siunam321 Credited to siunam321 and dregad dregad dregad
MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page Moderate
CVE-2026-40598 was published for mantisbt/mantisbt (Composer) May 11, 2026
siunam321 Credited to siunam321 and dregad dregad dregad
MantisBT has a Content Security Policy bypass via attachments High
CVE-2026-40597 was published for mantisbt/mantisbt (Composer) May 11, 2026
siunam321 Credited to siunam321 and dregad dregad dregad
MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference High
CVE-2026-40596 was published for mantisbt/mantisbt (Composer) May 11, 2026
siunam321 Credited to siunam321 and dregad dregad dregad
MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values Moderate
CVE-2026-39960 was published for mantisbt/mantisbt (Composer) May 11, 2026
morimori-dev Credited to morimori-dev, dregad, and TristanInSec dregad dregad
TristanInSec TristanInSec
MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked Moderate
CVE-2026-34970 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304 and dregad dregad dregad
MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API Moderate
CVE-2026-34754 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304 and dregad dregad dregad
MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue Moderate
CVE-2026-34744 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304 and dregad dregad dregad
MantisBT has an authorization bypass in private issue monitoring Moderate
CVE-2026-34579 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304 and dregad dregad dregad
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form High
CVE-2026-34463 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304, dregad, and siunam321 dregad dregad
siunam321 siunam321
MantisBT Vulnerable to Privilege Escalation from Manager to Administrator Moderate
CVE-2026-34390 was published for mantisbt/mantisbt (Composer) May 11, 2026
dracosectech-code Credited to dracosectech-code, dregad, and shukla304 dregad dregad
shukla304 shukla304
ProTip! Advisories are also available from the GraphQL API