PYSEC-2026-2048

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/whoogle-search/PYSEC-2026-2048.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2048
Aliases
Published
2026-07-07T16:02:50.947336Z
Modified
2026-07-07T17:47:43.438350691Z
Severity
  • 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
Details

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.

References

Affected packages

PyPI / whoogle-search

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.1

Affected versions

0.*
0.1.0
0.1.3
0.1.4
0.2.0
0.2.1
0.3.0
0.3.1
0.3.2
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.6.0
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/whoogle-search/PYSEC-2026-2048.yaml"