GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

MantisBT has a Private Bugnote Attachment Content Leak via REST API High
CVE-2026-42071 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304, TristanInSec, dregad, and siunam321
MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API Moderate
CVE-2026-42070 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304, TristanInSec, and dregad
MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked Moderate
CVE-2026-34970 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304 and dregad
MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API Moderate
CVE-2026-34754 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304 and dregad
MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue Moderate
CVE-2026-34744 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304 and dregad
MantisBT has an authorization bypass in private issue monitoring Moderate
CVE-2026-34579 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304 and dregad
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form High
CVE-2026-34463 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304, dregad, and siunam321
MantisBT Vulnerable to Privilege Escalation from Manager to Administrator Moderate
CVE-2026-34390 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to dracosectech-code, dregad, and shukla304
MantisBT Has Authorization Bypass in Global Profile Creation Moderate
CVE-2026-33052 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304 and dregad
Wagtail has improper permission handling when deleting form submissions Moderate
CVE-2026-44199 was published for wagtail (pip) May 8, 2026
Credited to RealOrangeOne and shukla304
MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline High
CVE-2026-33548 was published for mantisbt/mantisbt (Composer) Mar 25, 2026
Credited to shukla304 and dregad
MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation High
CVE-2026-33517 was published for mantisbt/mantisbt (Composer) Mar 25, 2026
Credited to shukla304 and dregad