Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/wagtail@0.4.1
Typepypi
Namespace
Namewagtail
Version0.4.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.0.7
Latest_non_vulnerable_version7.3.2
Affected_by_vulnerabilities
0
url VCID-12d4-1bj5-2yb5
vulnerability_id VCID-12d4-1bj5-2yb5
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09514
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:22:48Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44199, GHSA-pwm3-7fv4-g6xx, PYSEC-2026-148
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12d4-1bj5-2yb5
1
url VCID-2upt-d3sg-ebea
vulnerability_id VCID-2upt-d3sg-ebea
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09075
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:53:32Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44198, GHSA-c4mr-889m-vgf6, PYSEC-2026-147
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2upt-d3sg-ebea
2
url VCID-5p3e-kwee-ukfr
vulnerability_id VCID-5p3e-kwee-ukfr
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10242
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T17:52:47Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44197, GHSA-c6wj-9vcj-75pj, PYSEC-2026-146
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5p3e-kwee-ukfr
3
url VCID-8jfe-n528-xuc2
vulnerability_id VCID-8jfe-n528-xuc2
summary Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28837
reference_id
reference_type
scores
0
value 0.013
scoring_system epss
scoring_elements 0.80045
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28837
1
reference_url https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml
3
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
4
reference_url https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880
5
reference_url https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165
6
reference_url https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
7
reference_url https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
10
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28837
reference_id CVE-2023-28837
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28837
12
reference_url https://github.com/advisories/GHSA-33pv-vcgh-jfg9
reference_id GHSA-33pv-vcgh-jfg9
reference_type
scores
url https://github.com/advisories/GHSA-33pv-vcgh-jfg9
fixed_packages
0
url pkg:pypi/wagtail@4.1.4
purl pkg:pypi/wagtail@4.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-9u79-7g62-23dk
4
vulnerability VCID-pkcr-w2en-dufq
5
vulnerability VCID-qf1m-zu2w-dbds
6
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.4
1
url pkg:pypi/wagtail@4.2.2
purl pkg:pypi/wagtail@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-9u79-7g62-23dk
4
vulnerability VCID-pkcr-w2en-dufq
5
vulnerability VCID-qf1m-zu2w-dbds
6
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.2
aliases CVE-2023-28837, GHSA-33pv-vcgh-jfg9, PYSEC-2023-56
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jfe-n528-xuc2
4
url VCID-btdp-8uac-rkhp
vulnerability_id VCID-btdp-8uac-rkhp
summary Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with 'editor' access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). In these cases, the tag can be replaced with Django's `{{ ... }}` syntax - e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32681
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.52978
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32681
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-103.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-103.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.11.8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.11.8
4
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.12.5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.12.5
5
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.13.2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.13.2
6
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32681
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32681
fixed_packages
0
url pkg:pypi/wagtail@2.11.8
purl pkg:pypi/wagtail@2.11.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-8jfe-n528-xuc2
4
vulnerability VCID-8k9y-g5uj-nfaz
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-pkcr-w2en-dufq
7
vulnerability VCID-qf1m-zu2w-dbds
8
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.8
1
url pkg:pypi/wagtail@2.12.5
purl pkg:pypi/wagtail@2.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-8jfe-n528-xuc2
4
vulnerability VCID-8k9y-g5uj-nfaz
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-pkcr-w2en-dufq
7
vulnerability VCID-qf1m-zu2w-dbds
8
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12.5
2
url pkg:pypi/wagtail@2.13.2
purl pkg:pypi/wagtail@2.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-8jfe-n528-xuc2
4
vulnerability VCID-8k9y-g5uj-nfaz
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-chj9-nmry-q3f1
7
vulnerability VCID-pkcr-w2en-dufq
8
vulnerability VCID-qf1m-zu2w-dbds
9
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.13.2
aliases CVE-2021-32681, GHSA-xfrw-hxr5-ghqf, PYSEC-2021-103
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-btdp-8uac-rkhp
5
url VCID-cfkh-sdk4-3uan
vulnerability_id VCID-cfkh-sdk4-3uan
summary Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29434
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50921
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29434
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-114.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-114.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/5c7a60977cba478f6a35390ba98cffc2bd41c8a4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/5c7a60977cba478f6a35390ba98cffc2bd41c8a4
4
reference_url https://github.com/wagtail/wagtail/commit/915f6ed2bd7d53154103cc4424a0f18695cdad6c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/915f6ed2bd7d53154103cc4424a0f18695cdad6c
5
reference_url https://github.com/wagtail/wagtail/compare/v2.11.6...v2.11.7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/compare/v2.11.6...v2.11.7
6
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29434
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29434
8
reference_url https://pypi.org/project/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/wagtail
9
reference_url https://pypi.org/project/wagtail/
reference_id
reference_type
scores
url https://pypi.org/project/wagtail/
fixed_packages
0
url pkg:pypi/wagtail@2.11.6
purl pkg:pypi/wagtail@2.11.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-8jfe-n528-xuc2
4
vulnerability VCID-8k9y-g5uj-nfaz
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-btdp-8uac-rkhp
7
vulnerability VCID-cfkh-sdk4-3uan
8
vulnerability VCID-pkcr-w2en-dufq
9
vulnerability VCID-qf1m-zu2w-dbds
10
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.6
1
url pkg:pypi/wagtail@2.11.7
purl pkg:pypi/wagtail@2.11.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-8jfe-n528-xuc2
4
vulnerability VCID-8k9y-g5uj-nfaz
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-btdp-8uac-rkhp
7
vulnerability VCID-pkcr-w2en-dufq
8
vulnerability VCID-qf1m-zu2w-dbds
9
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.7
2
url pkg:pypi/wagtail@2.12.4
purl pkg:pypi/wagtail@2.12.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-8jfe-n528-xuc2
4
vulnerability VCID-8k9y-g5uj-nfaz
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-btdp-8uac-rkhp
7
vulnerability VCID-pkcr-w2en-dufq
8
vulnerability VCID-qf1m-zu2w-dbds
9
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12.4
aliases CVE-2021-29434, GHSA-wq5h-f9p5-q7fx, PYSEC-2021-114
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfkh-sdk4-3uan
6
url VCID-pkcr-w2en-dufq
vulnerability_id VCID-pkcr-w2en-dufq
summary Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45809
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.46041
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45809
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
4
reference_url https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
5
reference_url https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
6
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v4.1.9
7
reference_url https://github.com/wagtail/wagtail/releases/tag/v5.0.5
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v5.0.5
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v5.1.3
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v5.1.3
9
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45809
reference_id CVE-2023-45809
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45809
11
reference_url https://github.com/advisories/GHSA-fc75-58r8-rm3h
reference_id GHSA-fc75-58r8-rm3h
reference_type
scores
url https://github.com/advisories/GHSA-fc75-58r8-rm3h
fixed_packages
0
url pkg:pypi/wagtail@4.1.9
purl pkg:pypi/wagtail@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-9u79-7g62-23dk
4
vulnerability VCID-qf1m-zu2w-dbds
5
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.9
1
url pkg:pypi/wagtail@5.0.5
purl pkg:pypi/wagtail@5.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-9u79-7g62-23dk
4
vulnerability VCID-qf1m-zu2w-dbds
5
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.0.5
2
url pkg:pypi/wagtail@5.1.3
purl pkg:pypi/wagtail@5.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-9u79-7g62-23dk
4
vulnerability VCID-qf1m-zu2w-dbds
5
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.1.3
aliases CVE-2023-45809, GHSA-fc75-58r8-rm3h, PYSEC-2023-219
risk_score 1.2
exploitability 0.5
weighted_severity 2.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkcr-w2en-dufq
7
url VCID-qf1m-zu2w-dbds
vulnerability_id VCID-qf1m-zu2w-dbds
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02074
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:45:22Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44201, GHSA-p5gm-92h4-6pv6, PYSEC-2026-150
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qf1m-zu2w-dbds
8
url VCID-yvjp-hx9y-mkgf
vulnerability_id VCID-yvjp-hx9y-mkgf
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08279
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:54:04Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44200, GHSA-67rv-mg8q-5pf3, PYSEC-2026-149
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yvjp-hx9y-mkgf
Fixing_vulnerabilities
Risk_score3.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@0.4.1