Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-6wxc-8mgq-w26m | PyPI/weblate | Weblate: Stored HTML injection in editor search preview | 5 days ago | Fix available; Severity - 4.6 (Medium) |
| GHSA-5cmv-3rc4-7279 | PyPI/weblate | Weblate vulnerable to XSS via crafted Markdown | 07 May | Fix available; Severity - 4.3 (Medium) |
| GHSA-gcg5-86jr-f7jg | PyPI/weblate | Weblate Vulnerable to Private Translation Enumeration via Screenshot API | 07 May | Fix available; Severity - 4.3 (Medium) |
| GHSA-cwcx-382v-8m9g | PyPI/weblate | Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url | 30 Apr | Fix available; Severity - 5.3 (Medium) |
| GHSA-6j8j-4qp3-36p2 | PyPI/weblate | Weblate Doesn't Invalidate API Token on Password Change | 30 Apr | Fix available; Severity - 4.2 (Medium) |
| GHSA-ffgh-3jrf-8wvh | PyPI/weblate | Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision | 16 Apr | Fix available; Severity - 5.0 (Medium) |
| GHSA-f8hv-g549-hwg2 | PyPI/weblate | Weblate: SSRF via the webhook add-on using unprotected fetch_url() | 16 Apr | Fix available; Severity - 4.1 (Medium) |
| GHSA-3382-gw9x-477v | PyPI/weblate | Weblate: Privilege escalation in the user API endpoint | 16 Apr | Fix available; Severity - 8.8 (High) |
| GHSA-xrwr-fcw6-fmq8 | PyPI/weblate | Weblate: SSRF via Project-Level Machinery Configuration | 16 Apr | Fix available; Severity - 5.0 (Medium) |
| GHSA-hv99-mxm5-q397 | PyPI/weblate | Weblate: Arbitrary File Read via Symlink | 16 Apr | Fix available; Severity - 7.7 (High) |
| GHSA-5fhx-9jwj-867m | PyPI/weblate | Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads | 16 Apr | Fix available; Severity - 5.0 (Medium) |
| GHSA-558g-h753-6m33 | PyPI/weblate | Weblate: Remote code execution during backup restoration | 16 Apr | Fix available; Severity - 8.0 (High) |
| GHSA-mqph-7h49-hqfm | PyPI/weblate | Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository | 16 Apr | Fix available; Severity - 6.8 (Medium) |
| GHSA-mpf5-3vph-q75r | PyPI/weblate | Weblate: Improper access control for the translation memory in API | 16 Apr | Fix available; Severity - 4.3 (Medium) |
| GHSA-vj45-x3pj-f4w4 | PyPI/weblate | Weblate: Improper access control for pending tasks in API | 16 Apr | Fix available; Severity - 3.1 (Low) |
| PYSEC-2026-156 | PyPI/weblate | See record for full details | 15 Apr | Fix available; Severity - 4.1 (Medium) |