GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 57
GitHub Actions: 50
Go: 3,784
Maven: 5,000+
npm: 5,000+
NuGet: 938
pip: 5,000+
Pub: 13
RubyGems: 1,058
Rust: 1,349
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
30,398 advisories
Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
Critical | CVE-2026-45321 was published for @tanstack/arktype-adapter (npm) | May 12, 2026

Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Moderate | CVE-2026-45046 was published for github.com/safedep/gryph (Go) | May 11, 2026

MantisBT Vulnerable to Stored XSS in File Download
High | CVE-2026-44657 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT has Stored XSS on Move Attachments Admin Page
High | CVE-2026-44655 was published for mantisbt/mantisbt (Composer) | May 11, 2026

Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
High | CVE-2026-44635 was published for kysely (npm) | May 11, 2026

local-deep-research is Vulnerable to HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
Moderate | CVE-2026-43979 was published for local-deep-research (pip) | May 11, 2026

SandboxJS has a sandbox escape via Function.caller leakage of internal call op
Critical | CVE-2026-43898 was published for @nyariv/sandboxjs (npm) | May 11, 2026

MantisBT has a Private Bugnote Attachment Content Leak via REST API
High | CVE-2026-42071 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
Moderate | CVE-2026-42070 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field
Moderate | CVE-2026-41897 was published for mantisbt/mantisbt (Composer) | May 11, 2026

Mermaid: Improper sanitization of configuration leads to CSS injection
Moderate | CVE-2026-41159 was published for mermaid (npm) | May 11, 2026

Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
Moderate | CVE-2026-41150 was published for mermaid (npm) | May 11, 2026

Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
Moderate | CVE-2026-41149 was published for mermaid (npm) | May 11, 2026

Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
Moderate | CVE-2026-41148 was published for mermaid (npm) | May 11, 2026

MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column
High | CVE-2026-40607 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page
Moderate | CVE-2026-40598 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT has a Content Security Policy bypass via attachments
High | CVE-2026-40597 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference
High | CVE-2026-40596 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values
Moderate | CVE-2026-39960 was published for mantisbt/mantisbt (Composer) | May 11, 2026

Yii 2: Local file inclusion via view parameter name collision
High | CVE-2026-39850 was published for yiisoft/yii2 (Composer) | May 11, 2026

MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked
Moderate | CVE-2026-34970 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API
Moderate | CVE-2026-34754 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue
Moderate | CVE-2026-34744 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT has an authorization bypass in private issue monitoring
Moderate | CVE-2026-34579 was published for mantisbt/mantisbt (Composer) | May 11, 2026

MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
High | CVE-2026-34463 was published for mantisbt/mantisbt (Composer) | May 11, 2026
ProTip! Advisories are also available from the GraphQL API.