Search for packages
| purl | pkg:pypi/djblets@0.7.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4x66-88fj-mbg6
Aliases: CVE-2014-3995 GHSA-4xf6-xr96-7vmp PYSEC-2014-79 |
Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-7yvz-bm2e-gkfj
Aliases: CVE-2014-3994 PYSEC-2014-78 |
Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ypn4-9m4r-8baq
Aliases: CVE-2013-4409 GHSA-58h8-44mg-r43x PYSEC-2019-175 |
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:05:56.179678+00:00 | Pypa Importer | Affected by | VCID-ypn4-9m4r-8baq | https://github.com/pypa/advisory-database/blob/main/vulns/djblets/PYSEC-2019-175.yaml | 38.6.0 |
| 2026-06-02T04:03:38.750809+00:00 | Pypa Importer | Affected by | VCID-4x66-88fj-mbg6 | https://github.com/pypa/advisory-database/blob/main/vulns/djblets/PYSEC-2014-79.yaml | 38.6.0 |
| 2026-06-02T04:03:38.176184+00:00 | Pypa Importer | Affected by | VCID-7yvz-bm2e-gkfj | https://github.com/pypa/advisory-database/blob/main/vulns/djblets/PYSEC-2014-78.yaml | 38.6.0 |