Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/weblate@5.15.1
Typepypi
Namespace
Nameweblate
Version5.15.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.16.0
Latest_non_vulnerable_version5.17
Affected_by_vulnerabilities
0
url VCID-557t-6mjj-7kcr
vulnerability_id VCID-557t-6mjj-7kcr
summary Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can limit the scope of the vulnerability by restricting access to the project backup, as it is only accessible to users who can create projects.
references
0
reference_url https://github.com/WeblateOrg/weblate/pull/18549
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
url https://github.com/WeblateOrg/weblate/pull/18549
1
reference_url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-558g-h753-6m33
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-558g-h753-6m33
fixed_packages
0
url pkg:pypi/weblate@5.17
purl pkg:pypi/weblate@5.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17
aliases CVE-2026-33435, GHSA-558g-h753-6m33, PYSEC-2026-154
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-557t-6mjj-7kcr
1
url VCID-fesz-pv5h-c3e2
vulnerability_id VCID-fesz-pv5h-c3e2
summary Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround.
references
0
reference_url https://github.com/WeblateOrg/weblate/pull/18815
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
url https://github.com/WeblateOrg/weblate/pull/18815
1
reference_url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2
fixed_packages
0
url pkg:pypi/weblate@5.17
purl pkg:pypi/weblate@5.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17
aliases CVE-2026-39845, GHSA-f8hv-g549-hwg2, PYSEC-2026-156
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fesz-pv5h-c3e2
2
url VCID-hdsr-3vyy-5bgh
vulnerability_id VCID-hdsr-3vyy-5bgh
summary Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17.
references
0
reference_url https://github.com/WeblateOrg/weblate/pull/18687
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/WeblateOrg/weblate/pull/18687
1
reference_url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3382-gw9x-477v
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3382-gw9x-477v
fixed_packages
0
url pkg:pypi/weblate@5.17
purl pkg:pypi/weblate@5.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17
aliases CVE-2026-34393, GHSA-3382-gw9x-477v, PYSEC-2026-155
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdsr-3vyy-5bgh
3
url VCID-hvg1-yhgu-m7ca
vulnerability_id VCID-hvg1-yhgu-m7ca
summary Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue by blocking access to /api/memory/ in the HTTP server, which removes access to this feature.
references
0
reference_url https://github.com/WeblateOrg/weblate/pull/18513
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://github.com/WeblateOrg/weblate/pull/18513
1
reference_url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r
fixed_packages
0
url pkg:pypi/weblate@5.17
purl pkg:pypi/weblate@5.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17
aliases CVE-2026-33214, GHSA-mpf5-3vph-q75r, PYSEC-2026-152
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvg1-yhgu-m7ca
4
url VCID-p2hq-a8xy-p3b9
vulnerability_id VCID-p2hq-a8xy-p3b9
summary Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this feature as the CDN add-on is not enabled by default.
references
0
reference_url https://github.com/WeblateOrg/weblate/pull/18516
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
url https://github.com/WeblateOrg/weblate/pull/18516
1
reference_url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mqph-7h49-hqfm
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mqph-7h49-hqfm
fixed_packages
0
url pkg:pypi/weblate@5.17
purl pkg:pypi/weblate@5.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17
aliases CVE-2026-33220, GHSA-mqph-7h49-hqfm, PYSEC-2026-153
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2hq-a8xy-p3b9
Fixing_vulnerabilities
0
url VCID-7hct-7z1p-4uey
vulnerability_id VCID-7hct-7z1p-4uey
summary 
Weblate has an arbitrary file read via symbolic links
It was possible to read arbitrary files from the server file system using crafted symbolic links in the repository.
references
0
reference_url https://github.com/WeblateOrg/weblate
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate
1
reference_url https://github.com/WeblateOrg/weblate/pull/17331
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate/pull/17331
2
reference_url https://github.com/WeblateOrg/weblate/pull/17356
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate/pull/17356
3
reference_url https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68279
reference_id CVE-2025-68279
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-68279
5
reference_url https://github.com/advisories/GHSA-g925-f788-4jh7
reference_id GHSA-g925-f788-4jh7
reference_type
scores
url https://github.com/advisories/GHSA-g925-f788-4jh7
6
reference_url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7
reference_id GHSA-g925-f788-4jh7
reference_type
scores
url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7
fixed_packages
0
url pkg:pypi/weblate@5.15.1
purl pkg:pypi/weblate@5.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-557t-6mjj-7kcr
1
vulnerability VCID-fesz-pv5h-c3e2
2
vulnerability VCID-hdsr-3vyy-5bgh
3
vulnerability VCID-hvg1-yhgu-m7ca
4
vulnerability VCID-p2hq-a8xy-p3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.1
aliases CVE-2025-68279, GHSA-g925-f788-4jh7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hct-7z1p-4uey
1
url VCID-x6n4-rzpv-83fa
vulnerability_id VCID-x6n4-rzpv-83fa
summary 
Weblate is vulnerable to RCE through Git config file overwrite
It was possible to overwrite Git configuration remotely and override some of its behavior.
references
0
reference_url https://github.com/WeblateOrg/weblate
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate
1
reference_url https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4
2
reference_url https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7
3
reference_url https://github.com/WeblateOrg/weblate/pull/17330
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate/pull/17330
4
reference_url https://github.com/WeblateOrg/weblate/pull/17345
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate/pull/17345
5
reference_url https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
reference_id
reference_type
scores
url https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68398
reference_id CVE-2025-68398
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-68398
7
reference_url https://github.com/advisories/GHSA-8vcg-cfxj-p5m3
reference_id GHSA-8vcg-cfxj-p5m3
reference_type
scores
url https://github.com/advisories/GHSA-8vcg-cfxj-p5m3
8
reference_url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3
reference_id GHSA-8vcg-cfxj-p5m3
reference_type
scores
url https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3
fixed_packages
0
url pkg:pypi/weblate@5.15.1
purl pkg:pypi/weblate@5.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-557t-6mjj-7kcr
1
vulnerability VCID-fesz-pv5h-c3e2
2
vulnerability VCID-hdsr-3vyy-5bgh
3
vulnerability VCID-hvg1-yhgu-m7ca
4
vulnerability VCID-p2hq-a8xy-p3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.1
aliases CVE-2025-68398, GHSA-8vcg-cfxj-p5m3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x6n4-rzpv-83fa
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.1