Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,744 advisories

Loading
Craft CMS stores arbitrary content provided by unauthenticated users in session files Moderate
CVE-2025-35939 was published for craftcms/cms (Composer) May 8, 2025
MantisBT Insufficient Session Experation allows for credential theft High
CVE-2009-20001 was published for mantisbt/mantisbt (Composer) Apr 21, 2022
Mautic has an Open Redirect vulnerability on user unlock path. Moderate
CVE-2025-5256 was published for mautic/core (Composer) May 28, 2025
tomekkowalczyk patrykgruszka
nick-vanpraet
MantisBT unauthorized users able to access private files Moderate
CVE-2020-25781 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO Moderate
CVE-2018-16514 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT allows cross-site scripting (XSS) via crafted filename Moderate
CVE-2019-15074 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT Remote Code Execution High
CVE-2019-15715 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XSS when uploading an attachment Moderate
CVE-2019-15539 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XSS issue on the view_all_bug_page.php Moderate
CVE-2020-16266 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XXS where a Custom Field with a crafted Regular Expression property is used Moderate
CVE-2020-25288 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT SQL Injection via mc_project_get_users function Moderate
CVE-2020-28413 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT allows XSS in manage_custom_field_edit_page.php Moderate
CVE-2021-33557 was published for mantisbt/mantisbt (Composer) May 24, 2022
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje fabpot
Symfony Service IDs Allow Injection Critical
CVE-2019-10910 was published for symfony/dependency-injection (Composer) Nov 18, 2019
decsecre583
Unsafe deserialization in SmtpTransport in CakePHP High
CVE-2019-11458 was published for cakephp/cakephp (Composer) Dec 2, 2019
ravage84 decsecre583
October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers Low
CVE-2021-21265 was published for october/backend (Composer) Mar 10, 2021
decsecre583
MantisBT Incorrect Authorization for bug_revision_view_page.php check High
CVE-2020-35849 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT Missing Authorization access check in bug_actiongroup.php Moderate
CVE-2020-29604 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT Insecure Storage in manage_proj_edit_page.php Moderate
CVE-2020-29603 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT Incorrect Authorization in bug_actiongroup_page.php Moderate
CVE-2020-29605 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XSS in manage_custom_field_update.php Moderate
CVE-2020-35571 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT CSV Injection unprivileged user access in csv_export.php High
CVE-2021-43257 was published for mantisbt/mantisbt (Composer) Apr 15, 2022
MantisBT XSS allows unsanitized input via admin/install.php Moderate
CVE-2017-12061 was published for mantisbt/mantisbt (Composer) May 13, 2022
MantisBT allows XSS via Edit Filter page Moderate
CVE-2018-17783 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via the Manage Filter page Moderate
CVE-2018-17782 was published for mantisbt/mantisbt (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database