Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/fava@1.22.2
purl pkg:pypi/fava@1.22.2
Next non-vulnerable version 1.22.3
Latest non-vulnerable version 1.22.3
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-x45u-rng5-n3dm
Aliases:
CVE-2022-2589
GHSA-6hcj-qrw3-m66q
PYSEC-2022-246
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
1.22.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-nmpg-e4rn-5ffd Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. CVE-2022-2523
GHSA-q8hg-3vqv-f8v3
PYSEC-2022-240

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:17:31.535643+00:00 Pypa Importer Affected by VCID-x45u-rng5-n3dm https://github.com/pypa/advisory-database/blob/main/vulns/fava/PYSEC-2022-246.yaml 38.6.0
2026-06-02T04:17:30.969835+00:00 Pypa Importer Fixing VCID-nmpg-e4rn-5ffd https://github.com/pypa/advisory-database/blob/main/vulns/fava/PYSEC-2022-240.yaml 38.6.0