Lookup for vulnerable packages by Package URL.
| Purl | pkg:pypi/weblate@5.12 |
|---|
| Type | pypi |
|---|
| Namespace | |
|---|
| Name | weblate |
|---|
| Version | 5.12 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 5.16.0 |
|---|
| Latest_non_vulnerable_version | 2026.5 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-fjt4-422q-nfb1 |
| vulnerability_id |
VCID-fjt4-422q-nfb1 |
| summary |
Weblate lacks rate limiting when verifying second factor
The verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://hackerone.com/reports/3150564 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/ |
|
|
| url |
https://hackerone.com/reports/3150564 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-47951, GHSA-57jg-m997-cx3q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fjt4-422q-nfb1 |
|
| 1 |
| url |
VCID-uzbt-4vw5-aygg |
| vulnerability_id |
VCID-uzbt-4vw5-aygg |
| summary |
Weblate exposes personal IP address via e-mail
The audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/WeblateOrg/weblate |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/WeblateOrg/weblate |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/WeblateOrg/weblate/pull/15102 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:04:17Z/ |
|
|
| url |
https://github.com/WeblateOrg/weblate/pull/15102 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-49134, GHSA-4qqf-9m5c-w2c5
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uzbt-4vw5-aygg |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.12 |
|---|