Package details: pkg:pypi/mayan-edms@2.6
purl pkg:pypi/mayan-edms@2.6
Next non-vulnerable version 4.10.2
Latest non-vulnerable version 4.10.2
Risk
Vulnerabilities affecting this package (6)
| Vulnerability | Aliases | Summary | Fixed by |
|---|---|---|---|
| VCID-5hk9-rp44-1ud3 | CVE-2018-16405, GHSA-fpcv-j2q9-vqhw, PYSEC-2018-106, PYSEC-2018-16 | An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. | 3.0.2 (affected by 4 other vulnerabilities) |
| VCID-92gn-k1jm-47fe | CVE-2025-14691, GHSA-774q-r975-vqwp, PYSEC-2025-134 | A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete." | 4.6.12 (affected by 2 other vulnerabilities); 4.7.8 (affected by 2 other vulnerabilities); 4.8.10 (affected by 2 other vulnerabilities); 4.9.7 (affected by 2 other vulnerabilities); 4.10.2 (affected by 0 other vulnerabilities) |
| VCID-etyd-8wdw-6fg9 | CVE-2018-16407, GHSA-5h6m-9mvx-m6c5, PYSEC-2018-15 | An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. | 3.0.3 (affected by 3 other vulnerabilities) |
| VCID-ex64-9sg9-3kdu | CVE-2022-47419, GHSA-5m6v-2xgf-qhrw, PYSEC-2023-276 | An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. | 4.3.6 (affected by 2 other vulnerabilities) |
| VCID-mynh-sahb-2be8 | CVE-2025-14692, GHSA-x37w-7p52-8f49, PYSEC-2025-135 | A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete." | 4.6.12 (affected by 2 other vulnerabilities); 4.7.8 (affected by 2 other vulnerabilities); 4.8.10 (affected by 2 other vulnerabilities); 4.9.7 (affected by 2 other vulnerabilities); 4.10.2 (affected by 0 other vulnerabilities) |
| VCID-qc9r-2nr9-5uc2 | CVE-2018-16406, GHSA-5r76-cjf4-c9qx, PYSEC-2018-14 | An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. | 3.0.2 (affected by 4 other vulnerabilities) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:23:31.744616+00:00 | Pypa Importer | Affected by | VCID-mynh-sahb-2be8 | https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2025-135.yaml | 38.6.0 |
| 2026-06-02T04:23:30.418443+00:00 | Pypa Importer | Affected by | VCID-92gn-k1jm-47fe | https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2025-134.yaml | 38.6.0 |
| 2026-06-02T04:18:16.467874+00:00 | Pypa Importer | Affected by | VCID-ex64-9sg9-3kdu | https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2023-276.yaml | 38.6.0 |
| 2026-06-02T04:05:17.370564+00:00 | Pypa Importer | Affected by | VCID-5hk9-rp44-1ud3 | https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2018-106.yaml | 38.6.0 |
| 2026-06-02T04:05:17.171889+00:00 | Pypa Importer | Affected by | VCID-qc9r-2nr9-5uc2 | https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2018-14.yaml | 38.6.0 |
| 2026-06-02T04:05:16.960371+00:00 | Pypa Importer | Affected by | VCID-etyd-8wdw-6fg9 | https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2018-15.yaml | 38.6.0 |