Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37212?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37212?format=api", "vulnerability_id": "VCID-jh6j-yq6e-cuad", "summary": "Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name}\n is used in an email template, it will be replaced with the buyer's \nname for the final email. This mechanism contained two security-relevant\n bugs:\n\n\n\n * \nIt was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as {{event.__init__.__code__.co_filename}}.\n This way, an attacker with the ability to control email templates \n(usually every user of the pretix backend) could retrieve sensitive \ninformation from the system configuration, including even database \npasswords or API keys. pretix does include mechanisms to prevent the usage of such \nmalicious placeholders, however due to a mistake in the code, they were \nnot fully effective for the email subject.\n\n\n\n\n * \nPlaceholders in subjects and plain text bodies of emails were \nwrongfully evaluated twice. Therefore, if the first evaluation of a \nplaceholder again contains a placeholder, this second placeholder was \nrendered. This allows the rendering of placeholders controlled by the \nticket buyer, and therefore the exploitation of the first issue as a \nticket buyer. Luckily, the only buyer-controlled placeholder available \nin pretix by default (that is not validated in a way that prevents the \nissue) is {invoice_company}, which is very unusual (but not\n impossible) to be contained in an email subject template. In addition \nto broadening the attack surface of the first issue, this could \ntheoretically also leak information about an order to one of the \nattendees within that order. However, we also consider this scenario \nvery unlikely under typical conditions.\n\n\nOut of caution, we recommend that you rotate all passwords and API keys contained in your pretix.cfg https://docs.pretix.eu/self-hosting/config/ file.", "aliases": [ { "alias": "CVE-2026-2415" }, { "alias": "GHSA-r8p8-qw9w-j9qv" }, { "alias": "PYSEC-2026-110" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47622?format=api", "purl": "pkg:pypi/pretix@2025.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/47625?format=api", "purl": "pkg:pypi/pretix@2025.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gw4m-xrzv-3fah" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/47627?format=api", "purl": "pkg:pypi/pretix@2026.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gw4m-xrzv-3fah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2026.1.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32571?format=api", "purl": "pkg:pypi/pretix@4.16.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-v9fw-cvvw-jkcw" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.16.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/32572?format=api", "purl": "pkg:pypi/pretix@4.16.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-v9fw-cvvw-jkcw" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.16.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/32573?format=api", "purl": "pkg:pypi/pretix@4.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-v9fw-cvvw-jkcw" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/32574?format=api", "purl": "pkg:pypi/pretix@4.17.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.17.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36198?format=api", "purl": "pkg:pypi/pretix@4.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.18.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36199?format=api", "purl": "pkg:pypi/pretix@4.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.18.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36200?format=api", "purl": "pkg:pypi/pretix@4.18.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.18.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/36201?format=api", "purl": "pkg:pypi/pretix@4.18.2.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.18.2.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36202?format=api", "purl": "pkg:pypi/pretix@4.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.19.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36203?format=api", "purl": "pkg:pypi/pretix@4.20.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.20.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36204?format=api", "purl": "pkg:pypi/pretix@4.20.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.20.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36205?format=api", "purl": "pkg:pypi/pretix@4.20.2.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.20.2.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36206?format=api", "purl": "pkg:pypi/pretix@4.20.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.20.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/36207?format=api", "purl": "pkg:pypi/pretix@2023.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36208?format=api", "purl": "pkg:pypi/pretix@2023.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36209?format=api", "purl": "pkg:pypi/pretix@2023.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/36210?format=api", "purl": "pkg:pypi/pretix@2023.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23sx-2a61-cqfp" }, { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36211?format=api", "purl": "pkg:pypi/pretix@2023.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/40199?format=api", "purl": "pkg:pypi/pretix@2023.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/40200?format=api", "purl": "pkg:pypi/pretix@2023.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/40201?format=api", "purl": "pkg:pypi/pretix@2023.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/40202?format=api", "purl": "pkg:pypi/pretix@2023.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/40203?format=api", "purl": "pkg:pypi/pretix@2023.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/40204?format=api", "purl": "pkg:pypi/pretix@2023.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/40205?format=api", "purl": "pkg:pypi/pretix@2023.10.1.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.10.1.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/40206?format=api", "purl": "pkg:pypi/pretix@2023.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/40207?format=api", "purl": "pkg:pypi/pretix@2024.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-wxjm-jcgw-qydn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/40208?format=api", "purl": "pkg:pypi/pretix@2024.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42564?format=api", "purl": "pkg:pypi/pretix@2024.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42565?format=api", "purl": "pkg:pypi/pretix@2024.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42566?format=api", "purl": "pkg:pypi/pretix@2024.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42567?format=api", "purl": "pkg:pypi/pretix@2024.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42568?format=api", "purl": "pkg:pypi/pretix@2024.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42569?format=api", "purl": "pkg:pypi/pretix@2024.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42570?format=api", "purl": "pkg:pypi/pretix@2024.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42571?format=api", "purl": "pkg:pypi/pretix@2024.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33va-vuxq-bbc6" }, { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42572?format=api", "purl": "pkg:pypi/pretix@2024.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46588?format=api", "purl": "pkg:pypi/pretix@2024.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46589?format=api", "purl": "pkg:pypi/pretix@2024.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46590?format=api", "purl": "pkg:pypi/pretix@2024.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46591?format=api", "purl": "pkg:pypi/pretix@2024.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46592?format=api", "purl": "pkg:pypi/pretix@2025.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46593?format=api", "purl": "pkg:pypi/pretix@2025.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46594?format=api", "purl": "pkg:pypi/pretix@2025.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46595?format=api", "purl": "pkg:pypi/pretix@2025.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46596?format=api", "purl": "pkg:pypi/pretix@2025.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46597?format=api", "purl": "pkg:pypi/pretix@2025.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46598?format=api", "purl": "pkg:pypi/pretix@2025.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46599?format=api", "purl": "pkg:pypi/pretix@2025.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvc4-fezc-gufm" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46600?format=api", "purl": "pkg:pypi/pretix@2025.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/47613?format=api", "purl": "pkg:pypi/pretix@2025.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/47614?format=api", "purl": "pkg:pypi/pretix@2025.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/47615?format=api", "purl": "pkg:pypi/pretix@2025.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/47616?format=api", "purl": "pkg:pypi/pretix@2025.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/47617?format=api", "purl": "pkg:pypi/pretix@2025.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/47618?format=api", "purl": "pkg:pypi/pretix@2025.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d994-7d7d-n7hg" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-r8k9-mhm3-jyb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/47619?format=api", "purl": "pkg:pypi/pretix@2025.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/47620?format=api", "purl": "pkg:pypi/pretix@2025.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/47621?format=api", "purl": "pkg:pypi/pretix@2025.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/47622?format=api", "purl": "pkg:pypi/pretix@2025.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/47623?format=api", "purl": "pkg:pypi/pretix@2025.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d994-7d7d-n7hg" }, { "vulnerability": "VCID-gw4m-xrzv-3fah" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" }, { "vulnerability": "VCID-r8k9-mhm3-jyb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/47624?format=api", "purl": "pkg:pypi/pretix@2025.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gw4m-xrzv-3fah" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/47625?format=api", "purl": "pkg:pypi/pretix@2025.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gw4m-xrzv-3fah" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/47626?format=api", "purl": "pkg:pypi/pretix@2026.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gw4m-xrzv-3fah" }, { "vulnerability": "VCID-jh6j-yq6e-cuad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2026.1.0" } ], "references": [ { "reference_url": "https://github.com/pretix/pretix", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pretix/pretix" }, { "reference_url": "https://github.com/pretix/pretix/commit/ba11d24f8dfa4e9d8f03493e56fd8b43983fe297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pretix/pretix/commit/ba11d24f8dfa4e9d8f03493e56fd8b43983fe297" }, { "reference_url": "https://github.com/pretix/pretix/commit/c85afbc621b5f0b1afa618627c45f89323eb0154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pretix/pretix/commit/c85afbc621b5f0b1afa618627c45f89323eb0154" }, { "reference_url": "https://github.com/pretix/pretix/commit/edac35ed4c5466eb63a202575c337d117ddf1c8e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pretix/pretix/commit/edac35ed4c5466eb63a202575c337d117ddf1c8e" }, { "reference_url": "https://pretix.eu/about/en/blog/20260216-release-2026-1-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pretix.eu/about/en/blog/20260216-release-2026-1-1" }, { "reference_url": "https://pretix.eu/about/en/blog/20260216-release-2026-1-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://pretix.eu/about/en/blog/20260216-release-2026-1-1/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2415", "reference_id": "CVE-2026-2415", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2415" }, { "reference_url": "https://github.com/advisories/GHSA-r8p8-qw9w-j9qv", "reference_id": "GHSA-r8p8-qw9w-j9qv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r8p8-qw9w-j9qv" } ], "weaknesses": [ { "cwe_id": 627, "name": "Dynamic Variable Evaluation", "description": "In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "5.9 - 5.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jh6j-yq6e-cuad" }