Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/87409?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/87409?format=api", "purl": "pkg:pypi/weblate@4.14.1", "type": "pypi", "namespace": "", "name": "weblate", "version": "4.14.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.17.1", "latest_non_vulnerable_version": "2026.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82706?format=api", "vulnerability_id": "VCID-13gh-1j1y-pud2", "summary": "Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02111", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02104", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02101", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24126" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17722", "reference_id": "17722", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T17:13:05Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17722" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/78773cc141ce0a97900c11341e6cf856451395fd", "reference_id": "78773cc141ce0a97900c11341e6cf856451395fd", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T17:13:05Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/78773cc141ce0a97900c11341e6cf856451395fd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24126", "reference_id": "CVE-2026-24126", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24126" }, { "reference_url": "https://github.com/advisories/GHSA-33fm-6gp7-4p47", "reference_id": "GHSA-33fm-6gp7-4p47", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33fm-6gp7-4p47" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-33fm-6gp7-4p47", "reference_id": "GHSA-33fm-6gp7-4p47", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T17:13:05Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-33fm-6gp7-4p47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39198?format=api", "purl": "pkg:pypi/weblate@5.16.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.16.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92243?format=api", "purl": "pkg:pypi/weblate@5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.16" } ], "aliases": [ "CVE-2026-24126", "GHSA-33fm-6gp7-4p47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13gh-1j1y-pud2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90812?format=api", "vulnerability_id": "VCID-27fd-5u31-q7ft", "summary": "Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09982", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09968", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09976", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10443", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64326" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-230.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-230.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/b847e9756a0a6f7659ef20fa9f34846ca862c574", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate/commit/b847e9756a0a6f7659ef20fa9f34846ca862c574" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/16781", "reference_id": "16781", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T21:17:50Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/16781" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64326", "reference_id": "CVE-2025-64326", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64326" }, { "reference_url": "https://github.com/advisories/GHSA-gr35-vpx2-qxhc", "reference_id": "GHSA-gr35-vpx2-qxhc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gr35-vpx2-qxhc" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc", "reference_id": "GHSA-gr35-vpx2-qxhc", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T21:17:50Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35024?format=api", "purl": "pkg:pypi/weblate@5.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-849m-3c8x-z3dv" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-nvm6-6nvn-vqff" }, { "vulnerability": "VCID-r36u-2h85-23b2" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rfk6-ty49-f3ft" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-uctk-5p7z-cug3" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" }, { "vulnerability": "VCID-zzf6-uufj-3kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.14.1" } ], "aliases": [ "CVE-2025-64326", "GHSA-gr35-vpx2-qxhc", "PYSEC-2025-126", "PYSEC-2025-230" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27fd-5u31-q7ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28217?format=api", "vulnerability_id": "VCID-3nnm-5hms-ufb2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0151", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01527", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01518", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01514", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33212" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18515", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18515" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33212", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33212" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/4e06b12cd05d087db68384e09d5f70fe883f2b70", "reference_id": "4e06b12cd05d087db68384e09d5f70fe883f2b70", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:08:54Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/4e06b12cd05d087db68384e09d5f70fe883f2b70" }, { "reference_url": "https://github.com/advisories/GHSA-vj45-x3pj-f4w4", "reference_id": "GHSA-vj45-x3pj-f4w4", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vj45-x3pj-f4w4" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vj45-x3pj-f4w4", "reference_id": "GHSA-vj45-x3pj-f4w4", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:08:54Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vj45-x3pj-f4w4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-33212", "GHSA-vj45-x3pj-f4w4" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nnm-5hms-ufb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46448?format=api", "vulnerability_id": "VCID-6fdw-htq7-1ffz", "summary": "Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63433", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63544", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63535", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63547", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39303" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd", "reference_id": "b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T20:50:23Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39303", "reference_id": "CVE-2024-39303", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39303" }, { "reference_url": "https://github.com/advisories/GHSA-jfgp-674x-6q4p", "reference_id": "GHSA-jfgp-674x-6q4p", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jfgp-674x-6q4p" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p", "reference_id": "GHSA-jfgp-674x-6q4p", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T20:50:23Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32382?format=api", "purl": "pkg:pypi/weblate@5.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-27fd-5u31-q7ft" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-849m-3c8x-z3dv" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-dyct-cymv-e3fe" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-nvm6-6nvn-vqff" }, { "vulnerability": "VCID-r36u-2h85-23b2" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rfk6-ty49-f3ft" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-uams-vzmg-aubk" }, { "vulnerability": "VCID-uctk-5p7z-cug3" }, { "vulnerability": "VCID-uw48-rjjk-tbc1" }, { "vulnerability": "VCID-veas-z52g-z7ap" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" }, { "vulnerability": "VCID-zzf6-uufj-3kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.6.2" } ], "aliases": [ "CVE-2024-39303", "GHSA-jfgp-674x-6q4p" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fdw-htq7-1ffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28505?format=api", "vulnerability_id": "VCID-7uky-8ks8-8kg1", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39845", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01239", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01245", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01242", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01235", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39845" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-156.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-156.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39845", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39845" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18815", "reference_id": "18815", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:37:00Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18815" }, { "reference_url": "https://github.com/advisories/GHSA-f8hv-g549-hwg2", "reference_id": "GHSA-f8hv-g549-hwg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f8hv-g549-hwg2" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2", "reference_id": "GHSA-f8hv-g549-hwg2", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:37:00Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-39845", "GHSA-f8hv-g549-hwg2", "PYSEC-2026-156" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7uky-8ks8-8kg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28337?format=api", "vulnerability_id": "VCID-7xdv-rje4-bfh5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03643", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03665", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03651", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03659", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34393" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-155.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-155.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34393", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34393" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18687", "reference_id": "18687", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T18:38:44Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18687" }, { "reference_url": "https://github.com/advisories/GHSA-3382-gw9x-477v", "reference_id": "GHSA-3382-gw9x-477v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3382-gw9x-477v" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3382-gw9x-477v", "reference_id": "GHSA-3382-gw9x-477v", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T18:38:44Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3382-gw9x-477v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-34393", "GHSA-3382-gw9x-477v", "PYSEC-2026-155" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xdv-rje4-bfh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90814?format=api", "vulnerability_id": "VCID-849m-3c8x-z3dv", "summary": "Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02361", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0236", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02353", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02363", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64725" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/02e904675f0608a6bbfbf9466eeccd9d022591e9", "reference_id": "02e904675f0608a6bbfbf9466eeccd9d022591e9", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:55:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/02e904675f0608a6bbfbf9466eeccd9d022591e9" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/16913", "reference_id": "16913", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:55:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/16913" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64725", "reference_id": "CVE-2025-64725", "reference_type": "", "scores": [ { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64725" }, { "reference_url": "https://github.com/advisories/GHSA-m6hq-f4w9-qrjj", "reference_id": "GHSA-m6hq-f4w9-qrjj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6hq-f4w9-qrjj" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m6hq-f4w9-qrjj", "reference_id": "GHSA-m6hq-f4w9-qrjj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:55:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m6hq-f4w9-qrjj" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15", "reference_id": "weblate-5.15", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "1.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:55:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36215?format=api", "purl": "pkg:pypi/weblate@5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rfk6-ty49-f3ft" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-uctk-5p7z-cug3" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15" } ], "aliases": [ "CVE-2025-64725", "GHSA-m6hq-f4w9-qrjj" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-849m-3c8x-z3dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27520?format=api", "vulnerability_id": "VCID-8znh-acd2-53bm", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27457", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10938", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10963", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10994", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27457" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18107", "reference_id": "18107", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18107" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18164", "reference_id": "18164", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18164" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/3f58f9a4152bc0cbdd6eff5954f9c7bc4d9f0af9", "reference_id": "3f58f9a4152bc0cbdd6eff5954f9c7bc4d9f0af9", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/3f58f9a4152bc0cbdd6eff5954f9c7bc4d9f0af9" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/7802c9b121eb407c48d4adddd4f2458fb3efef0f", "reference_id": "7802c9b121eb407c48d4adddd4f2458fb3efef0f", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/7802c9b121eb407c48d4adddd4f2458fb3efef0f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27457", "reference_id": "CVE-2026-27457", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27457" }, { "reference_url": "https://github.com/advisories/GHSA-wppc-7cq7-cgfv", "reference_id": "GHSA-wppc-7cq7-cgfv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wppc-7cq7-cgfv" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-wppc-7cq7-cgfv", "reference_id": "GHSA-wppc-7cq7-cgfv", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-wppc-7cq7-cgfv" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.16.1", "reference_id": "weblate-5.16.1", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.16.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39919?format=api", "purl": "pkg:pypi/weblate@5.16.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.16.1" } ], "aliases": [ "CVE-2026-27457", "GHSA-wppc-7cq7-cgfv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8znh-acd2-53bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67962?format=api", "vulnerability_id": "VCID-am2b-ejeh-n3gt", "summary": "Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01359", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01345", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01355", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44263" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44263", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44263" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/19258", "reference_id": "19258", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:59:57Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/19258" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/6cf892c7bd50b667a65a99d716a90694f7d9f203", "reference_id": "6cf892c7bd50b667a65a99d716a90694f7d9f203", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:59:57Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/6cf892c7bd50b667a65a99d716a90694f7d9f203" }, { "reference_url": "https://github.com/advisories/GHSA-gcg5-86jr-f7jg", "reference_id": "GHSA-gcg5-86jr-f7jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcg5-86jr-f7jg" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gcg5-86jr-f7jg", "reference_id": "GHSA-gcg5-86jr-f7jg", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:59:57Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gcg5-86jr-f7jg" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1", "reference_id": "weblate-5.17.1", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:59:57Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373571?format=api", "purl": "pkg:pypi/weblate@5.17.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.1" } ], "aliases": [ "CVE-2026-44263", "GHSA-gcg5-86jr-f7jg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am2b-ejeh-n3gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28325?format=api", "vulnerability_id": "VCID-bxuh-n3fj-ffga", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04427", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0441", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04413", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04428", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34242" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34242", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34242" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3", "reference_id": "5db3a2a2e047ecaab627a8731cd744a30b2f51d3", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:37:49Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3" }, { "reference_url": "https://github.com/advisories/GHSA-hv99-mxm5-q397", "reference_id": "GHSA-hv99-mxm5-q397", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hv99-mxm5-q397" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397", "reference_id": "GHSA-hv99-mxm5-q397", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:37:49Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-34242", "GHSA-hv99-mxm5-q397" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bxuh-n3fj-ffga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28223?format=api", "vulnerability_id": "VCID-dfsk-f6ch-hqcn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0452", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04507", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04512", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04527", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-153.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-153.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33220", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33220" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18516", "reference_id": "18516", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:48Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18516" }, { "reference_url": "https://github.com/advisories/GHSA-mqph-7h49-hqfm", "reference_id": "GHSA-mqph-7h49-hqfm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqph-7h49-hqfm" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mqph-7h49-hqfm", "reference_id": "GHSA-mqph-7h49-hqfm", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:48Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mqph-7h49-hqfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-33220", "GHSA-mqph-7h49-hqfm", "PYSEC-2026-153" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfsk-f6ch-hqcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28218?format=api", "vulnerability_id": "VCID-dsmf-fhrh-ukh3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01482", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01499", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0149", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01484", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33214" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-152.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-152.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33214", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33214" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18513", "reference_id": "18513", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:31:35Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18513" }, { "reference_url": "https://github.com/advisories/GHSA-mpf5-3vph-q75r", "reference_id": "GHSA-mpf5-3vph-q75r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpf5-3vph-q75r" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r", "reference_id": "GHSA-mpf5-3vph-q75r", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:31:35Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-33214", "GHSA-mpf5-3vph-q75r", "PYSEC-2026-152" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dsmf-fhrh-ukh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114417?format=api", "vulnerability_id": "VCID-dyct-cymv-e3fe", "summary": "Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the confidential PAT and username are shown in plaintext and get saved into browser history. Moreover, if the request URL is logged, the credentials are written to logs in plaintext. If using Weblate official Docker image, nginx logs the URL and the token in plaintext. This issue is patched in version 5.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49792", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49786", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49804", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49649", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32021" }, { "reference_url": "https://github.com/advisories/GHSA-m67m-3p5g-cw9j", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m67m-3p5g-cw9j" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32021", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32021" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m67m-3p5g-cw9j", "reference_id": "GHSA-m67m-3p5g-cw9j", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:40:58Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m67m-3p5g-cw9j" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.11", "reference_id": "weblate-5.11", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:40:58Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87459?format=api", "purl": "pkg:pypi/weblate@5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-27fd-5u31-q7ft" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-849m-3c8x-z3dv" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-nvm6-6nvn-vqff" }, { "vulnerability": "VCID-r36u-2h85-23b2" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rfk6-ty49-f3ft" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-uams-vzmg-aubk" }, { "vulnerability": "VCID-uctk-5p7z-cug3" }, { "vulnerability": "VCID-uw48-rjjk-tbc1" }, { "vulnerability": "VCID-veas-z52g-z7ap" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" }, { "vulnerability": "VCID-zzf6-uufj-3kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.11" } ], "aliases": [ "CVE-2025-32021", "GHSA-m67m-3p5g-cw9j", "PYSEC-2025-35" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dyct-cymv-e3fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28250?format=api", "vulnerability_id": "VCID-fp81-5b87-j7ax", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01405", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01424", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01417", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01408", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33440" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18550", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18550" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33440", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33440" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/8be80625a864c8db5854503872a65e8a0b7399a6", "reference_id": "8be80625a864c8db5854503872a65e8a0b7399a6", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:49:07Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/8be80625a864c8db5854503872a65e8a0b7399a6" }, { "reference_url": "https://github.com/advisories/GHSA-5fhx-9jwj-867m", "reference_id": "GHSA-5fhx-9jwj-867m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5fhx-9jwj-867m" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5fhx-9jwj-867m", "reference_id": "GHSA-5fhx-9jwj-867m", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:49:07Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5fhx-9jwj-867m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-33440", "GHSA-5fhx-9jwj-867m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fp81-5b87-j7ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95116?format=api", "vulnerability_id": "VCID-nvm6-6nvn-vqff", "summary": "Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is not validated or sanitized, allowing an attacker to supply arbitrary protocols, hostnames, and IP addresses, including localhost, internal network addresses, and local filenames. When the Mercurial version control system is selected, Weblate exposes the full server-side HTTP response for the provided URL. This effectively creates a server-side request forgery (SSRF) primitive that can probe internal services and return their contents. In addition to accessing internal HTTP endpoints, the behavior also enables local file enumeration by attempting file:// requests. While file contents may not always be returned, the application’s error messages clearly differentiate between files that exist and files that do not, revealing information about the server’s filesystem layout. In cloud environments, this behavior is particularly dangerous, as internal-only endpoints such as cloud metadata services may be accessible, potentially leading to credential disclosure and full environment compromise. This has been addressed in the Weblate 5.15 release. As a workaround, remove Mercurial from `VCS_BACKENDS`; the Git backend is not affected. The Git backend was already configured to block the file protocol and does not expose the HTTP response content in the error message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06069", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06053", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06061", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06046", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66407" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-231.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-231.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17102", "reference_id": "17102", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:07:51Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17102" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17103", "reference_id": "17103", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:07:51Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17103" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66407", "reference_id": "CVE-2025-66407", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66407" }, { "reference_url": "https://github.com/advisories/GHSA-hfpv-mc5v-p9mm", "reference_id": "GHSA-hfpv-mc5v-p9mm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hfpv-mc5v-p9mm" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hfpv-mc5v-p9mm", "reference_id": "GHSA-hfpv-mc5v-p9mm", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:07:51Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hfpv-mc5v-p9mm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36215?format=api", "purl": "pkg:pypi/weblate@5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rfk6-ty49-f3ft" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-uctk-5p7z-cug3" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15" } ], "aliases": [ "CVE-2025-66407", "GHSA-hfpv-mc5v-p9mm", "PYSEC-2025-231" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nvm6-6nvn-vqff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109177?format=api", "vulnerability_id": "VCID-r36u-2h85-23b2", "summary": "Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05351", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05367", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05361", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67492" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-232.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-232.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17221", "reference_id": "17221", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:13:36Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17221" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67492", "reference_id": "CVE-2025-67492", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67492" }, { "reference_url": "https://github.com/advisories/GHSA-pj86-258h-qrvf", "reference_id": "GHSA-pj86-258h-qrvf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pj86-258h-qrvf" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-pj86-258h-qrvf", "reference_id": "GHSA-pj86-258h-qrvf", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:13:36Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-pj86-258h-qrvf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/396946?format=api", "purl": "pkg:pypi/weblate@5.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36215?format=api", "purl": "pkg:pypi/weblate@5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rfk6-ty49-f3ft" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-uctk-5p7z-cug3" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15" } ], "aliases": [ "CVE-2025-67492", "GHSA-pj86-258h-qrvf", "PYSEC-2025-232" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r36u-2h85-23b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74232?format=api", "vulnerability_id": "VCID-rauj-hjbg-j7b4", "summary": "Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0872", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11569", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11599", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16322", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21889" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17516", "reference_id": "17516", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T16:58:27Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17516" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/a6eb5fd0299780eca286be8ff187dc2d10feec47", "reference_id": "a6eb5fd0299780eca286be8ff187dc2d10feec47", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T16:58:27Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/a6eb5fd0299780eca286be8ff187dc2d10feec47" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21889", "reference_id": "CVE-2026-21889", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21889" }, { "reference_url": "https://github.com/advisories/GHSA-3g2f-4rjg-9385", "reference_id": "GHSA-3g2f-4rjg-9385", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3g2f-4rjg-9385" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3g2f-4rjg-9385", "reference_id": "GHSA-3g2f-4rjg-9385", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T16:58:27Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3g2f-4rjg-9385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37746?format=api", "purl": "pkg:pypi/weblate@5.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.2" } ], "aliases": [ "CVE-2026-21889", "GHSA-3g2f-4rjg-9385" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rauj-hjbg-j7b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93260?format=api", "vulnerability_id": "VCID-rfk6-ty49-f3ft", "summary": "Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48539", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48397", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48534", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48553", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68398" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17330", "reference_id": "17330", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17330" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17345", "reference_id": "17345", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17345" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4", "reference_id": "4837a4154390f7c1d03c0e398aa6439dcfa361b4", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68398", "reference_id": "CVE-2025-68398", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68398" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7", "reference_id": "dd8c9d7b00eebe28770fa0e2cd96126791765ea7", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7" }, { "reference_url": "https://github.com/advisories/GHSA-8vcg-cfxj-p5m3", "reference_id": "GHSA-8vcg-cfxj-p5m3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8vcg-cfxj-p5m3" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3", "reference_id": "GHSA-8vcg-cfxj-p5m3", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1", "reference_id": "weblate-5.15.1", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36296?format=api", "purl": "pkg:pypi/weblate@5.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.1" } ], "aliases": [ "CVE-2025-68398", "GHSA-8vcg-cfxj-p5m3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfk6-ty49-f3ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28540?format=api", "vulnerability_id": "VCID-rywq-qyvb-8fcg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05719", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05727", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05735", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05744", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40256" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18847", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18847" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40256", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40256" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/e30dbcb33ae78e754ecef192d54f996b89cb4e15", "reference_id": "e30dbcb33ae78e754ecef192d54f996b89cb4e15", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:10:48Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/e30dbcb33ae78e754ecef192d54f996b89cb4e15" }, { "reference_url": "https://github.com/advisories/GHSA-ffgh-3jrf-8wvh", "reference_id": "GHSA-ffgh-3jrf-8wvh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffgh-3jrf-8wvh" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-ffgh-3jrf-8wvh", "reference_id": "GHSA-ffgh-3jrf-8wvh", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:10:48Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-ffgh-3jrf-8wvh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-40256", "GHSA-ffgh-3jrf-8wvh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rywq-qyvb-8fcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28249?format=api", "vulnerability_id": "VCID-rzfg-uyxe-xyhd", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29593", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29793", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29808", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.2979", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33435" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-154.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-154.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33435", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33435" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18549", "reference_id": "18549", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T18:40:18Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18549" }, { "reference_url": "https://github.com/advisories/GHSA-558g-h753-6m33", "reference_id": "GHSA-558g-h753-6m33", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-558g-h753-6m33" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-558g-h753-6m33", "reference_id": "GHSA-558g-h753-6m33", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T18:40:18Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-558g-h753-6m33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-33435", "GHSA-558g-h753-6m33", "PYSEC-2026-154" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzfg-uyxe-xyhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80685?format=api", "vulnerability_id": "VCID-se5h-tu1z-1ybv", "summary": "Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via \"cycle_session_keys()\", but DRF API tokens (\"wlu_*\" prefix) stored in \"authtoken_token\" are not revoked. This issue has been patched in version 5.17.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01162", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01171", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01161", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01167", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41519" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41519", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41519" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/19057", "reference_id": "19057", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:45:16Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/19057" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/649a2da81700542f95c0807b3c625fc3bb0eaf95", "reference_id": "649a2da81700542f95c0807b3c625fc3bb0eaf95", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:45:16Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/649a2da81700542f95c0807b3c625fc3bb0eaf95" }, { "reference_url": "https://github.com/advisories/GHSA-6j8j-4qp3-36p2", "reference_id": "GHSA-6j8j-4qp3-36p2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6j8j-4qp3-36p2" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6j8j-4qp3-36p2", "reference_id": "GHSA-6j8j-4qp3-36p2", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:45:16Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6j8j-4qp3-36p2" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1", "reference_id": "weblate-5.17.1", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:45:16Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373571?format=api", "purl": "pkg:pypi/weblate@5.17.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.1" } ], "aliases": [ "CVE-2026-41519", "GHSA-6j8j-4qp3-36p2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-se5h-tu1z-1ybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67706?format=api", "vulnerability_id": "VCID-ttsu-s5sc-47f1", "summary": "Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01875", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01888", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01878", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01876", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44264" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44264", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44264" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/19259", "reference_id": "19259", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T15:04:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/19259" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/85abc9df88b7464f4c0e794aef752e45f4230f75", "reference_id": "85abc9df88b7464f4c0e794aef752e45f4230f75", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T15:04:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/85abc9df88b7464f4c0e794aef752e45f4230f75" }, { "reference_url": "https://github.com/advisories/GHSA-5cmv-3rc4-7279", "reference_id": "GHSA-5cmv-3rc4-7279", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5cmv-3rc4-7279" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5cmv-3rc4-7279", "reference_id": "GHSA-5cmv-3rc4-7279", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T15:04:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5cmv-3rc4-7279" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1", "reference_id": "weblate-5.17.1", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T15:04:31Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373571?format=api", "purl": "pkg:pypi/weblate@5.17.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.1" } ], "aliases": [ "CVE-2026-44264", "GHSA-5cmv-3rc4-7279" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttsu-s5sc-47f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/119668?format=api", "vulnerability_id": "VCID-uams-vzmg-aubk", "summary": "Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42368", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42191", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42356", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42378", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47951" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47951", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47951" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/14918", "reference_id": "14918", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/14918" }, { "reference_url": "https://hackerone.com/reports/3150564", "reference_id": "3150564", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/" } ], "url": "https://hackerone.com/reports/3150564" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384", "reference_id": "f806293451248c5d95e45b3b507e9d158bc4f384", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384" }, { "reference_url": "https://github.com/advisories/GHSA-57jg-m997-cx3q", "reference_id": "GHSA-57jg-m997-cx3q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-57jg-m997-cx3q" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q", "reference_id": "GHSA-57jg-m997-cx3q", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1", "reference_id": "weblate-5.12.1", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378727?format=api", "purl": "pkg:pypi/weblate@5.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.12" } ], "aliases": [ "CVE-2025-47951", "GHSA-57jg-m997-cx3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uams-vzmg-aubk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93427?format=api", "vulnerability_id": "VCID-uctk-5p7z-cug3", "summary": "Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68279", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18638", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1866", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18642", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1848", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68279" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17331", "reference_id": "17331", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:01:48Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17331" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17356", "reference_id": "17356", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:01:48Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17356" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68279", "reference_id": "CVE-2025-68279", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68279" }, { "reference_url": "https://github.com/advisories/GHSA-g925-f788-4jh7", "reference_id": "GHSA-g925-f788-4jh7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g925-f788-4jh7" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7", "reference_id": "GHSA-g925-f788-4jh7", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:01:48Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1", "reference_id": "weblate-5.15.1", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:01:48Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36296?format=api", "purl": "pkg:pypi/weblate@5.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.1" } ], "aliases": [ "CVE-2025-68279", "GHSA-g925-f788-4jh7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uctk-5p7z-cug3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25469?format=api", "vulnerability_id": "VCID-uw48-rjjk-tbc1", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55753", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55876", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55889", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55874", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49134" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49134", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49134" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/020b2905e4d001cff2452574d10e6cf3621b5f62", "reference_id": "020b2905e4d001cff2452574d10e6cf3621b5f62", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:04:17Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/020b2905e4d001cff2452574d10e6cf3621b5f62" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/15102", "reference_id": "15102", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:04:17Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/15102" }, { "reference_url": "https://github.com/advisories/GHSA-4qqf-9m5c-w2c5", "reference_id": "GHSA-4qqf-9m5c-w2c5", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qqf-9m5c-w2c5" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-4qqf-9m5c-w2c5", "reference_id": "GHSA-4qqf-9m5c-w2c5", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:04:17Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-4qqf-9m5c-w2c5" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1", "reference_id": "weblate-5.12.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:04:17Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378727?format=api", "purl": "pkg:pypi/weblate@5.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.12" } ], "aliases": [ "CVE-2025-49134", "GHSA-4qqf-9m5c-w2c5" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uw48-rjjk-tbc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93892?format=api", "vulnerability_id": "VCID-veas-z52g-z7ap", "summary": "Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20179", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20352", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20356", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20375", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58352" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58352", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58352" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908", "reference_id": "0b46fe596231dd456283ead66699ae5516f23908", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:17:51Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/16002", "reference_id": "16002", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:17:51Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/16002" }, { "reference_url": "https://github.com/advisories/GHSA-377j-wj38-4728", "reference_id": "GHSA-377j-wj38-4728", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-377j-wj38-4728" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728", "reference_id": "GHSA-377j-wj38-4728", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:17:51Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89166?format=api", "purl": "pkg:pypi/weblate@5.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-27fd-5u31-q7ft" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-849m-3c8x-z3dv" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-nvm6-6nvn-vqff" }, { "vulnerability": "VCID-r36u-2h85-23b2" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rfk6-ty49-f3ft" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-uctk-5p7z-cug3" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" }, { "vulnerability": "VCID-zzf6-uufj-3kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.13.1" } ], "aliases": [ "CVE-2025-58352", "GHSA-377j-wj38-4728" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-veas-z52g-z7ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81121?format=api", "vulnerability_id": "VCID-wkpe-cvt3-w3d4", "summary": "Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/<name>.json contains an attacker-chosen repo URL pointing at a private address (e.g. http://127.0.0.1:9999/) or using a non-allow-listed scheme (e.g. file://, git://). Weblate persists the component via Component.objects.bulk_create([component])[0], which bypasses Django's full_clean() and therefore never runs the validate_repo_url validator. The URL is subsequently written verbatim into .git/config by configure_repo(pull=False). This issue has been patched in version 5.17.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07282", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07313", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07323", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07315", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41654" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41654", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41654" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/19061", "reference_id": "19061", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/19061" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/19062", "reference_id": "19062", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/19062" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/e1eff1f517c1ee315d69581910baaabb724e5ef0", "reference_id": "e1eff1f517c1ee315d69581910baaabb724e5ef0", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/e1eff1f517c1ee315d69581910baaabb724e5ef0" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/e4b67a76d95d5165ecb9937f7485fd79223b7f14", "reference_id": "e4b67a76d95d5165ecb9937f7485fd79223b7f14", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/e4b67a76d95d5165ecb9937f7485fd79223b7f14" }, { "reference_url": "https://github.com/advisories/GHSA-cwcx-382v-8m9g", "reference_id": "GHSA-cwcx-382v-8m9g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwcx-382v-8m9g" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-cwcx-382v-8m9g", "reference_id": "GHSA-cwcx-382v-8m9g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-cwcx-382v-8m9g" }, { "reference_url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1", "reference_id": "weblate-5.17.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/" } ], "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373571?format=api", "purl": "pkg:pypi/weblate@5.17.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.1" } ], "aliases": [ "CVE-2026-41654", "GHSA-cwcx-382v-8m9g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wkpe-cvt3-w3d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28326?format=api", "vulnerability_id": "VCID-ynw1-ttb5-4ydn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01405", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01424", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01417", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01408", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34244" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/18684", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate/pull/18684" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34244", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34244" }, { "reference_url": "https://github.com/WeblateOrg/weblate/commit/e619e9090202e4886b844c110d39308e7e882c0e", "reference_id": "e619e9090202e4886b844c110d39308e7e882c0e", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:49:58Z/" } ], "url": "https://github.com/WeblateOrg/weblate/commit/e619e9090202e4886b844c110d39308e7e882c0e" }, { "reference_url": "https://github.com/advisories/GHSA-xrwr-fcw6-fmq8", "reference_id": "GHSA-xrwr-fcw6-fmq8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrwr-fcw6-fmq8" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-xrwr-fcw6-fmq8", "reference_id": "GHSA-xrwr-fcw6-fmq8", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:49:58Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-xrwr-fcw6-fmq8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1206351?format=api", "purl": "pkg:pypi/weblate@5.17.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/92245?format=api", "purl": "pkg:pypi/weblate@5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17" } ], "aliases": [ "CVE-2026-34244", "GHSA-xrwr-fcw6-fmq8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ynw1-ttb5-4ydn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109005?format=api", "vulnerability_id": "VCID-zzf6-uufj-3kap", "summary": "Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01737", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01726", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01722", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01729", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67715" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-233.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-233.yaml" }, { "reference_url": "https://github.com/WeblateOrg/weblate", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/WeblateOrg/weblate" }, { "reference_url": "https://github.com/WeblateOrg/weblate/pull/17256", "reference_id": "17256", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-16T14:36:56Z/" } ], "url": "https://github.com/WeblateOrg/weblate/pull/17256" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67715", "reference_id": "CVE-2025-67715", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67715" }, { "reference_url": "https://github.com/advisories/GHSA-3pmh-24wp-xpf4", "reference_id": "GHSA-3pmh-24wp-xpf4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3pmh-24wp-xpf4" }, { "reference_url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3pmh-24wp-xpf4", "reference_id": "GHSA-3pmh-24wp-xpf4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-16T14:36:56Z/" } ], "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3pmh-24wp-xpf4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/396946?format=api", "purl": "pkg:pypi/weblate@5.15.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36215?format=api", "purl": "pkg:pypi/weblate@5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13gh-1j1y-pud2" }, { "vulnerability": "VCID-3nnm-5hms-ufb2" }, { "vulnerability": "VCID-7uky-8ks8-8kg1" }, { "vulnerability": "VCID-7xdv-rje4-bfh5" }, { "vulnerability": "VCID-8znh-acd2-53bm" }, { "vulnerability": "VCID-am2b-ejeh-n3gt" }, { "vulnerability": "VCID-bxuh-n3fj-ffga" }, { "vulnerability": "VCID-dfsk-f6ch-hqcn" }, { "vulnerability": "VCID-dsmf-fhrh-ukh3" }, { "vulnerability": "VCID-fp81-5b87-j7ax" }, { "vulnerability": "VCID-rauj-hjbg-j7b4" }, { "vulnerability": "VCID-rfk6-ty49-f3ft" }, { "vulnerability": "VCID-rywq-qyvb-8fcg" }, { "vulnerability": "VCID-rzfg-uyxe-xyhd" }, { "vulnerability": "VCID-se5h-tu1z-1ybv" }, { "vulnerability": "VCID-ttsu-s5sc-47f1" }, { "vulnerability": "VCID-uctk-5p7z-cug3" }, { "vulnerability": "VCID-wkpe-cvt3-w3d4" }, { "vulnerability": "VCID-ynw1-ttb5-4ydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15" } ], "aliases": [ "CVE-2025-67715", "GHSA-3pmh-24wp-xpf4", "PYSEC-2025-233" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzf6-uufj-3kap" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@4.14.1" }