Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Loading
Mautic Sensitive Data Exposure due to inadequate user permission settings High
CVE-2022-25776 was published for mautic/core (Composer) Apr 12, 2024
lenonleite Credited to lenonleite
Mautic: MST-48 Server-Side Request Forgery in Asset section Moderate
CVE-2022-25777 was published for mautic/core (Composer) Apr 12, 2024
lenonleite Credited to lenonleite
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) Moderate
CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024
lenonleite Credited to lenonleite and escopecz escopecz escopecz
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin Credited to mqrtin, patrykgruszka, lenonleite, and escopecz patrykgruszka patrykgruszka
lenonleite lenonleite escopecz escopecz
Mautic has an XSS in contact tracking and page hits report Moderate
CVE-2021-27917 was published for mautic/core (Composer) Sep 18, 2024
patrykgruszka Credited to patrykgruszka, lenonleite, and escopecz lenonleite lenonleite
escopecz escopecz
Mautic does not shield .env files from web traffic Moderate
CVE-2024-47056 was published for mautic/core (Composer) May 28, 2025
r3ky Credited to r3ky, lenonleite, nick-vanpraet, and patrykgruszka lenonleite lenonleite
nick-vanpraet nick-vanpraet patrykgruszka patrykgruszka
Mautic vulnerable to secret data extraction via elfinder Moderate
CVE-2025-9822 was published for mautic/core (Composer) Sep 3, 2025
B0D0B0P0T Credited to B0D0B0P0T, lenonleite, and kuzmany lenonleite lenonleite
kuzmany kuzmany
ProTip! Advisories are also available from the GraphQL API