Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/49193?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/49193?format=api", "purl": "pkg:pypi/wagtail@7.3", "type": "pypi", "namespace": "", "name": "wagtail", "version": "7.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.3.2", "latest_non_vulnerable_version": "7.3.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9658?format=api", "vulnerability_id": "VCID-12d4-1bj5-2yb5", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09514", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44199" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44199", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44199" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44199", "GHSA-pwm3-7fv4-g6xx", "PYSEC-2026-148" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12d4-1bj5-2yb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9657?format=api", "vulnerability_id": "VCID-2upt-d3sg-ebea", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09075", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44198" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44198", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44198" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44198", "GHSA-c4mr-889m-vgf6", "PYSEC-2026-147" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2upt-d3sg-ebea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9656?format=api", "vulnerability_id": "VCID-5p3e-kwee-ukfr", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10242", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44197" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44197", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44197" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44197", "GHSA-c6wj-9vcj-75pj", "PYSEC-2026-146" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p3e-kwee-ukfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9660?format=api", "vulnerability_id": "VCID-qf1m-zu2w-dbds", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02074", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44201" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44201", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44201" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44201", "GHSA-p5gm-92h4-6pv6", "PYSEC-2026-150" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qf1m-zu2w-dbds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9659?format=api", "vulnerability_id": "VCID-yvjp-hx9y-mkgf", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08279", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44200" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44200", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44200" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49196?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44200", "GHSA-67rv-mg8q-5pf3", "PYSEC-2026-149" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yvjp-hx9y-mkgf" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22374?format=api", "vulnerability_id": "VCID-1dyp-u5tf-mqhh", "summary": "Wagtail has improper permission handling on admin preview endpoints\nDue to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data of the user's choosing. The existing data of the object itself is not exposed, but depending on the nature of the template being rendered, this may expose other database contents that would otherwise only be accessible to users with edit access over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02431", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25517" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.6" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.4" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.1.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.1.3" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.2" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25517", "reference_id": "CVE-2026-25517", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25517" }, { "reference_url": "https://github.com/advisories/GHSA-4qvv-g3vr-m348", "reference_id": "GHSA-4qvv-g3vr-m348", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qvv-g3vr-m348" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348", "reference_id": "GHSA-4qvv-g3vr-m348", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49168?format=api", "purl": "pkg:pypi/wagtail@6.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/49180?format=api", "purl": "pkg:pypi/wagtail@7.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/49186?format=api", "purl": "pkg:pypi/wagtail@7.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/49190?format=api", "purl": "pkg:pypi/wagtail@7.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/49193?format=api", "purl": "pkg:pypi/wagtail@7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3" } ], "aliases": [ "CVE-2026-25517", "GHSA-4qvv-g3vr-m348" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dyp-u5tf-mqhh" } ], "risk_score": "3.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3" }