VulnerableCode Package Details - pkg:pypi/cadwyn@3.6.0.dev0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/cadwyn@3.6.0.dev0

Essentials
History (1)

purl	pkg:pypi/cadwyn@3.6.0.dev0

Next non-vulnerable version	5.4.3
Latest non-vulnerable version	5.4.3
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-fc98-s2k6-mkgg Aliases: CVE-2025-53528 GHSA-2gxp-6r36-m97r PYSEC-2025-71	Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. This XSS would notably allow an attacker to execute JavaScript code on a user's session for any application based on Cadwyn via a one-click attack. The vulnerability has been fixed in version 5.4.3.	5.4.3 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:23:17.709412+00:00	Pypa Importer	Affected by	VCID-fc98-s2k6-mkgg	https://github.com/pypa/advisory-database/blob/main/vulns/cadwyn/PYSEC-2025-71.yaml	38.6.0