Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/wagtail@4.2.1
Typepypi
Namespace
Namewagtail
Version4.2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.0.7
Latest_non_vulnerable_version7.3.2
Affected_by_vulnerabilities
0
url VCID-12d4-1bj5-2yb5
vulnerability_id VCID-12d4-1bj5-2yb5
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09514
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:22:48Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44199, GHSA-pwm3-7fv4-g6xx, PYSEC-2026-148
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12d4-1bj5-2yb5
1
url VCID-2upt-d3sg-ebea
vulnerability_id VCID-2upt-d3sg-ebea
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09075
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:53:32Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44198, GHSA-c4mr-889m-vgf6, PYSEC-2026-147
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2upt-d3sg-ebea
2
url VCID-5p3e-kwee-ukfr
vulnerability_id VCID-5p3e-kwee-ukfr
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10242
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T17:52:47Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44197, GHSA-c6wj-9vcj-75pj, PYSEC-2026-146
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5p3e-kwee-ukfr
3
url VCID-8jfe-n528-xuc2
vulnerability_id VCID-8jfe-n528-xuc2
summary Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28837
reference_id
reference_type
scores
0
value 0.013
scoring_system epss
scoring_elements 0.80045
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28837
1
reference_url https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml
3
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
4
reference_url https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880
5
reference_url https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165
6
reference_url https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
7
reference_url https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
10
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28837
reference_id CVE-2023-28837
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28837
12
reference_url https://github.com/advisories/GHSA-33pv-vcgh-jfg9
reference_id GHSA-33pv-vcgh-jfg9
reference_type
scores
url https://github.com/advisories/GHSA-33pv-vcgh-jfg9
fixed_packages
0
url pkg:pypi/wagtail@4.2.2
purl pkg:pypi/wagtail@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-9u79-7g62-23dk
4
vulnerability VCID-pkcr-w2en-dufq
5
vulnerability VCID-qf1m-zu2w-dbds
6
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.2
aliases CVE-2023-28837, GHSA-33pv-vcgh-jfg9, PYSEC-2023-56
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jfe-n528-xuc2
4
url VCID-8k9y-g5uj-nfaz
vulnerability_id VCID-8k9y-g5uj-nfaz
summary Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the "Choose a parent page" ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28836
reference_id
reference_type
scores
0
value 0.01096
scoring_system epss
scoring_elements 0.78301
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28836
1
reference_url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview
2
reference_url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-55.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-55.yaml
4
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
5
reference_url https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62
6
reference_url https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713
7
reference_url https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af
8
reference_url https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
10
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
11
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28836
reference_id CVE-2023-28836
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28836
13
reference_url https://github.com/advisories/GHSA-5286-f2rf-35c2
reference_id GHSA-5286-f2rf-35c2
reference_type
scores
url https://github.com/advisories/GHSA-5286-f2rf-35c2
fixed_packages
0
url pkg:pypi/wagtail@4.2.2
purl pkg:pypi/wagtail@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-9u79-7g62-23dk
4
vulnerability VCID-pkcr-w2en-dufq
5
vulnerability VCID-qf1m-zu2w-dbds
6
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.2
aliases CVE-2023-28836, GHSA-5286-f2rf-35c2, PYSEC-2023-55
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8k9y-g5uj-nfaz
5
url VCID-9u79-7g62-23dk
vulnerability_id VCID-9u79-7g62-23dk
summary Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39317
reference_id
reference_type
scores
0
value 0.00329
scoring_system epss
scoring_elements 0.56125
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39317
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2024-86.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2024-86.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/
url https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2
4
reference_url https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/
url https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797
5
reference_url https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/
url https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2
6
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39317
reference_id CVE-2024-39317
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39317
8
reference_url https://github.com/advisories/GHSA-jmp3-39vp-fwg8
reference_id GHSA-jmp3-39vp-fwg8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmp3-39vp-fwg8
fixed_packages
0
url pkg:pypi/wagtail@5.2.6
purl pkg:pypi/wagtail@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.2.6
1
url pkg:pypi/wagtail@6.0.6
purl pkg:pypi/wagtail@6.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0.6
2
url pkg:pypi/wagtail@6.1.3
purl pkg:pypi/wagtail@6.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.1.3
aliases CVE-2024-39317, GHSA-jmp3-39vp-fwg8, PYSEC-2024-86
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u79-7g62-23dk
6
url VCID-pkcr-w2en-dufq
vulnerability_id VCID-pkcr-w2en-dufq
summary Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45809
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.46041
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45809
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
4
reference_url https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
5
reference_url https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
6
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v4.1.9
7
reference_url https://github.com/wagtail/wagtail/releases/tag/v5.0.5
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v5.0.5
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v5.1.3
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v5.1.3
9
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45809
reference_id CVE-2023-45809
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45809
11
reference_url https://github.com/advisories/GHSA-fc75-58r8-rm3h
reference_id GHSA-fc75-58r8-rm3h
reference_type
scores
url https://github.com/advisories/GHSA-fc75-58r8-rm3h
fixed_packages
0
url pkg:pypi/wagtail@5.0.5
purl pkg:pypi/wagtail@5.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-9u79-7g62-23dk
4
vulnerability VCID-qf1m-zu2w-dbds
5
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.0.5
1
url pkg:pypi/wagtail@5.1.3
purl pkg:pypi/wagtail@5.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-9u79-7g62-23dk
4
vulnerability VCID-qf1m-zu2w-dbds
5
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.1.3
aliases CVE-2023-45809, GHSA-fc75-58r8-rm3h, PYSEC-2023-219
risk_score 1.2
exploitability 0.5
weighted_severity 2.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkcr-w2en-dufq
7
url VCID-qf1m-zu2w-dbds
vulnerability_id VCID-qf1m-zu2w-dbds
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02074
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:45:22Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44201, GHSA-p5gm-92h4-6pv6, PYSEC-2026-150
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qf1m-zu2w-dbds
8
url VCID-yvjp-hx9y-mkgf
vulnerability_id VCID-yvjp-hx9y-mkgf
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08279
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:54:04Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44200, GHSA-67rv-mg8q-5pf3, PYSEC-2026-149
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yvjp-hx9y-mkgf
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.1