Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API Moderate
CVE-2026-42070 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304, TristanInSec, and dregad TristanInSec TristanInSec
dregad dregad
MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked Moderate
CVE-2026-34970 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304 and dregad dregad dregad
MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API Moderate
CVE-2026-34754 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304 and dregad dregad dregad
MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue Moderate
CVE-2026-34744 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304 and dregad dregad dregad
MantisBT has an authorization bypass in private issue monitoring Moderate
CVE-2026-34579 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304 and dregad dregad dregad
MantisBT Vulnerable to Privilege Escalation from Manager to Administrator Moderate
CVE-2026-34390 was published for mantisbt/mantisbt (Composer) May 11, 2026
dracosectech-code Credited to dracosectech-code, dregad, and shukla304 dregad dregad
shukla304 shukla304
MantisBT Has Authorization Bypass in Global Profile Creation Moderate
CVE-2026-33052 was published for mantisbt/mantisbt (Composer) May 11, 2026
shukla304 Credited to shukla304 and dregad dregad dregad
Wagtail has improper permission handling when deleting form submissions Moderate
CVE-2026-44199 was published for wagtail (pip) May 8, 2026
RealOrangeOne Credited to RealOrangeOne and shukla304 shukla304 shukla304
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database