Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
47
Go
3,295
Maven
5,000+
npm
5,000+
NuGet
876
pip
4,524
Pub
12
RubyGems
1,008
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL Critical
CVE-2026-30849 was published for mantisbt/mantisbt (Composer) Mar 23, 2026
JBince Credited to JBince and dregad dregad dregad
MantisBT unauthorized disclosure of private project column configuration Moderate
CVE-2025-62520 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
jrckmcsb Credited to jrckmcsb, atrol, and dregad atrol atrol
dregad dregad
MantisBT lacks verification when changing a user's email address Moderate
CVE-2025-55155 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
ncrcs Credited to ncrcs and dregad dregad dregad
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length Moderate
CVE-2025-46556 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
TheAmazeng Credited to TheAmazeng and dregad dregad dregad
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling High
CVE-2025-47776 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
dregad Credited to dregad and piru piru piru
The ADOdb sqlite3 driver allows SQL injection Critical
CVE-2025-54119 was published for adodb/adodb-php (Composer) Aug 4, 2025
mrcnpp Credited to mrcnpp and dregad dregad dregad
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Critical
CVE-2025-46337 was published for adodb/adodb-php (Composer) May 1, 2025
mrcnpp Credited to mrcnpp and dregad dregad dregad
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz Credited to c-schmitz and dregad dregad dregad
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting Moderate
CVE-2024-34081 was published for mantisbt/mantisbt (Composer) May 13, 2024
atrol Credited to atrol, unboundeduniverse, and dregad unboundeduniverse unboundeduniverse
dregad dregad
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-34080 was published for mantisbt/mantisbt (Composer) May 13, 2024
vboctor Credited to vboctor and dregad dregad dregad
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process High
CVE-2024-34077 was published for mantisbt/mantisbt (Composer) May 13, 2024
dregad Credited to dregad and redna-xela redna-xela redna-xela
MantisBT Host Header Injection vulnerability High
CVE-2024-23830 was published for mantisbt/mantisbt (Composer) Feb 20, 2024
dregad Credited to dregad, Kerkroups, shaozi, plmaltais, and atrol Kerkroups Kerkroups
shaozi shaozi plmaltais plmaltais atrol atrol
MantisBT HTML Injection vulnerability Moderate
CVE-2020-25830 was published for mantisbt/mantisbt (Composer) May 24, 2022
dregad Credited to dregad
Authentication Bypass in ADOdb/ADOdb Critical
CVE-2021-3850 was published for adodb/adodb-php (Composer) Jan 27, 2022
meme-lord Credited to meme-lord and dregad dregad dregad
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database