PYSEC-2025-187

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/taguette/PYSEC-2025-187.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2025-187

Aliases

Published

2025-10-20T20:15:37.573Z

Modified

2026-05-20T09:19:18.035895Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.

References

Affected packages

PyPI / taguette

Package

Name: taguette; View open source insights on deps.dev
Purl: pkg:pypi/taguette

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1

Affected versions

0.*

0.0

0.0.1

0.1

0.2

0.3

0.4

0.4.1

0.4.2

0.4.3

0.4.4

0.5.post1

0.6

0.7

0.8

0.9

0.9.1

0.9.2

0.10

0.10.1

0.11

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.2.0

1.3.0

1.4.1

1.5.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/taguette/PYSEC-2025-187.yaml"