Mantisbt/mantisbt

This hub aggregates every CVE we track for Mantisbt/mantisbt, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Mantisbt/mantisbt.

• CVE-2025-62520MantisBT unauthorized disclosure of private project column configuration4.3Nov 4, 2025
• CVE-2025-55155MantisBT: Authentication bypass for some passwords due to PHP type juggling5.4Nov 4, 2025
• CVE-2025-47776MantisBT: Authentication bypass for some passwords due to PHP type juggling9.1Nov 4, 2025
• CVE-2025-46556MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length6.5Nov 4, 2025
• CVE-2024-45792MantisBT vulnerable to information disclosure with user profiles6.5Sep 30, 2024
• CVE-2024-34081MantisBT Cross-site Scripting vulnerability6.6May 13, 2024
• CVE-2024-34080MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor5.3May 13, 2024
• CVE-2024-34077MantisBT user account takeover in the signup/reset password process7.3May 13, 2024
• CVE-2024-23830MantisBT Host Header Injection vulnerability8.3Feb 20, 2024
• CVE-2023-44394Disclosure of project names to unauthorized users in MantisBT4.3Oct 16, 2023
• CVE-2023-22476MantisBT: Exposure of Private issues' summary to unauthorized users4.3Feb 23, 2023
• CVE-2022-33910An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download....5.4Jun 24, 2022
• CVE-2022-28508An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.6.1May 4, 2022
• CVE-2021-43257Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.ph...7.8Apr 14, 2022
• CVE-2022-26144An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall...6.1Apr 13, 2022