Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/49179?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/49179?format=api", "purl": "pkg:pypi/wagtail@7.0.3", "type": "pypi", "namespace": "", "name": "wagtail", "version": "7.0.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.0.7", "latest_non_vulnerable_version": "7.3.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9658?format=api", "vulnerability_id": "VCID-12d4-1bj5-2yb5", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09514", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44199" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:22:48Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44199", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44199" }, { "reference_url": "https://github.com/advisories/GHSA-pwm3-7fv4-g6xx", "reference_id": "GHSA-pwm3-7fv4-g6xx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwm3-7fv4-g6xx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49195?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44199", "GHSA-pwm3-7fv4-g6xx", "PYSEC-2026-148" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12d4-1bj5-2yb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22374?format=api", "vulnerability_id": "VCID-1dyp-u5tf-mqhh", "summary": "Wagtail has improper permission handling on admin preview endpoints\nDue to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data of the user's choosing. The existing data of the object itself is not exposed, but depending on the nature of the template being rendered, this may expose other database contents that would otherwise only be accessible to users with edit access over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02431", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25517" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.6" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.4" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.1.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.1.3" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.2" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25517", "reference_id": "CVE-2026-25517", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25517" }, { "reference_url": "https://github.com/advisories/GHSA-4qvv-g3vr-m348", "reference_id": "GHSA-4qvv-g3vr-m348", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qvv-g3vr-m348" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348", "reference_id": "GHSA-4qvv-g3vr-m348", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49180?format=api", "purl": "pkg:pypi/wagtail@7.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/49186?format=api", "purl": "pkg:pypi/wagtail@7.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/49190?format=api", "purl": "pkg:pypi/wagtail@7.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/49193?format=api", "purl": "pkg:pypi/wagtail@7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3" } ], "aliases": [ "CVE-2026-25517", "GHSA-4qvv-g3vr-m348" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dyp-u5tf-mqhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9657?format=api", "vulnerability_id": "VCID-2upt-d3sg-ebea", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09075", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44198" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:53:32Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44198", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44198" }, { "reference_url": "https://github.com/advisories/GHSA-c4mr-889m-vgf6", "reference_id": "GHSA-c4mr-889m-vgf6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4mr-889m-vgf6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49195?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44198", "GHSA-c4mr-889m-vgf6", "PYSEC-2026-147" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2upt-d3sg-ebea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9656?format=api", "vulnerability_id": "VCID-5p3e-kwee-ukfr", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10242", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44197" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T17:52:47Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44197", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44197" }, { "reference_url": "https://github.com/advisories/GHSA-c6wj-9vcj-75pj", "reference_id": "GHSA-c6wj-9vcj-75pj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6wj-9vcj-75pj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49195?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44197", "GHSA-c6wj-9vcj-75pj", "PYSEC-2026-146" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p3e-kwee-ukfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9660?format=api", "vulnerability_id": "VCID-qf1m-zu2w-dbds", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02074", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44201" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:45:22Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44201", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44201" }, { "reference_url": "https://github.com/advisories/GHSA-p5gm-92h4-6pv6", "reference_id": "GHSA-p5gm-92h4-6pv6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p5gm-92h4-6pv6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49195?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44201", "GHSA-p5gm-92h4-6pv6", "PYSEC-2026-150" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qf1m-zu2w-dbds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9659?format=api", "vulnerability_id": "VCID-yvjp-hx9y-mkgf", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08279", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44200" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:54:04Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44200", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44200" }, { "reference_url": "https://github.com/advisories/GHSA-67rv-mg8q-5pf3", "reference_id": "GHSA-67rv-mg8q-5pf3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67rv-mg8q-5pf3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49195?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44200", "GHSA-67rv-mg8q-5pf3", "PYSEC-2026-149" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yvjp-hx9y-mkgf" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.3" }