GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

js-toml Prototype Pollution Vulnerability High
CVE-2025-54803 was published for js-toml (npm) Aug 4, 2025
Credited to siunam321
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form High
CVE-2026-34463 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304, dregad, and siunam321
MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference High
CVE-2026-40596 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to siunam321 and dregad
MantisBT has a Content Security Policy bypass via attachments High
CVE-2026-40597 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to siunam321 and dregad
MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page Moderate
CVE-2026-40598 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to siunam321 and dregad
MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column High
CVE-2026-40607 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to siunam321 and dregad
MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field Moderate
CVE-2026-41897 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to siunam321 and dregad
MantisBT has a Private Bugnote Attachment Content Leak via REST API High
CVE-2026-42071 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to shukla304, TristanInSec, dregad, and siunam321
MantisBT Vulnerable to Stored XSS in File Download High
CVE-2026-44657 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to siunam321 and dregad