
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting (Severity: High)
CVE-2026-3105 was published for mautic/core (Composer) Feb 25, 2026
Credited to q1uf3ng, patrykgruszka, and escopecz
GrapesJsBuilder File Upload allows all file uploads (Severity: High)
CVE-2025-13827 was published for mautic/grapes-js-builder-bundle (Composer) Dec 2, 2025
Credited to driskell, escopecz, and patrykgruszka
Mautic user without privileged access to the Marketplace can install and uninstall composer packages (Severity: Critical)
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
Credited to driskell, escopecz, and patrykgruszka
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add (Severity: Moderate)
CVE-2025-9823 was published for mautic/core (Composer) Sep 3, 2025
Credited to nmmorette, kuzmany, and patrykgruszka
Mautic vulnerable to SSRF via webhook function (Severity: Low)
CVE-2025-9821 was published for mautic/core (Composer) Sep 3, 2025
Credited to asesidaa, patrykgruszka, kuzmany, and lukehebe
Mautic has an Open Redirect vulnerability on user unlock path. (Severity: Moderate)
CVE-2025-5256 was published for mautic/core (Composer) May 28, 2025
Credited to tomekkowalczyk, patrykgruszka, and nick-vanpraet
Mautic segment cloning doesn't have a proper permission check (Severity: Moderate)
CVE-2024-47055 was published for mautic/core (Composer) May 28, 2025
Credited to abhisekmazumdar, patrykgruszka, and nick-vanpraet
Mautic allows user name enumeration due to response time difference on password reset form (Severity: Moderate)
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
Credited to patrykgruszka and nick-vanpraet
Mautic does not shield .env files from web traffic (Severity: Moderate)
CVE-2024-47056 was published for mautic/core (Composer) May 28, 2025
Credited to r3ky, lenonleite, nick-vanpraet, and patrykgruszka
Mautic allows Relative Path Traversal in assets file upload (Severity: Moderate)
CVE-2022-25773 was published for mautic/core (Composer) Feb 26, 2025
Credited to patrykgruszka, majkelstick, and escopecz
Mautic allows Improper Authorization in Reporting API (Severity: High)
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
Credited to escopecz and patrykgruszka
Mautic allows Remote Code Execution and File Deletion in Asset Uploads (Severity: Critical)
CVE-2024-47051 was published for mautic/core (Composer) Feb 26, 2025
Credited to mallo-m and patrykgruszka
Mautic allows users enumeration due to weak password login (Severity: Moderate)
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
Credited to tomekkowalczyk, patrykgruszka, escopecz, and rafibz007
Mautic has insufficient authentication in upgrade flow (Severity: Moderate)
CVE-2022-25770 was published for mautic/core (Composer) Sep 18, 2024
Credited to mollux, escopecz, patrykgruszka, and RCheesley
Mautic has an XSS in contact tracking and page hits report (Severity: Moderate)
CVE-2021-27917 was published for mautic/core (Composer) Sep 18, 2024
Credited to patrykgruszka, lenonleite, and escopecz
Mautic vulnerable to XSS in contact/company tracking (no authentication) (Severity: Moderate)
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
Credited to mqrtin, patrykgruszka, lenonleite, and escopecz
Mautic vulnerable to Improper Access Control in UI upgrade process (Severity: High)
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
Credited to mollux, escopecz, and patrykgruszka