Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-hfpv-mc5v-p9mm | PyPI/weblate | Weblate has a Server-Side Request Forgery issue | 41 minutes ago | Fix available; Severity - 5.0 (Medium) |
| GHSA-6wxc-8mgq-w26m | PyPI/weblate | Weblate: Stored HTML injection in editor search preview | 15 May | Fix available; Severity - 4.6 (Medium) |
| GHSA-5cmv-3rc4-7279 | PyPI/weblate | Weblate vulnerable to XSS via crafted Markdown | 07 May | Fix available; Severity - 4.3 (Medium) |
| GHSA-gcg5-86jr-f7jg | PyPI/weblate | Weblate Vulnerable to Private Translation Enumeration via Screenshot API | 07 May | Fix available; Severity - 4.3 (Medium) |
| GHSA-cwcx-382v-8m9g | PyPI/weblate | Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url | 30 Apr | Fix available; Severity - 5.3 (Medium) |
| GHSA-6j8j-4qp3-36p2 | PyPI/weblate | Weblate Doesn't Invalidate API Token on Password Change | 30 Apr | Fix available; Severity - 4.2 (Medium) |
| GHSA-ffgh-3jrf-8wvh | PyPI/weblate | Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision | 16 Apr | Fix available; Severity - 5.0 (Medium) |
| GHSA-f8hv-g549-hwg2 | PyPI/weblate | Weblate: SSRF via the webhook add-on using unprotected fetch_url() | 16 Apr | Fix available; Severity - 4.1 (Medium) |
| GHSA-3382-gw9x-477v | PyPI/weblate | Weblate: Privilege escalation in the user API endpoint | 16 Apr | Fix available; Severity - 8.8 (High) |
| GHSA-xrwr-fcw6-fmq8 | PyPI/weblate | Weblate: SSRF via Project-Level Machinery Configuration | 16 Apr | Fix available; Severity - 5.0 (Medium) |
| GHSA-hv99-mxm5-q397 | PyPI/weblate | Weblate: Arbitrary File Read via Symlink | 16 Apr | Fix available; Severity - 7.7 (High) |
| GHSA-5fhx-9jwj-867m | PyPI/weblate | Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads | 16 Apr | Fix available; Severity - 5.0 (Medium) |
| GHSA-558g-h753-6m33 | PyPI/weblate | Weblate: Remote code execution during backup restoration | 16 Apr | Fix available; Severity - 8.0 (High) |
| GHSA-mqph-7h49-hqfm | PyPI/weblate | Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository | 16 Apr | Fix available; Severity - 6.8 (Medium) |
| GHSA-mpf5-3vph-q75r | PyPI/weblate | Weblate: Improper access control for the translation memory in API | 16 Apr | Fix available; Severity - 4.3 (Medium) |
| GHSA-vj45-x3pj-f4w4 | PyPI/weblate | Weblate: Improper access control for pending tasks in API | 16 Apr | Fix available; Severity - 3.1 (Low) |
PyPI - OSV