Package details: pkg:pypi/mayan-edms@4.4
purl pkg:pypi/mayan-edms@4.4
Next non-vulnerable version 4.10.2
Latest non-vulnerable version 4.10.2
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-92gn-k1jm-47fe
Aliases: CVE-2025-14691, GHSA-774q-r975-vqwp, PYSEC-2025-134
Summary: A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross-site scripting. The attack may be performed remotely. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Fixed by:
4.6.12 (affected by 2 other vulnerabilities)
4.7.8 (affected by 2 other vulnerabilities)
4.8.10 (affected by 2 other vulnerabilities)
4.9.7 (affected by 2 other vulnerabilities)
4.10.2 (affected by 0 other vulnerabilities)
VCID-mynh-sahb-2be8
Aliases: CVE-2025-14692, GHSA-x37w-7p52-8f49, PYSEC-2025-135
Summary: A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes an open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Fixed by:
4.6.12 (affected by 2 other vulnerabilities)
4.7.8 (affected by 2 other vulnerabilities)
4.8.10 (affected by 2 other vulnerabilities)
4.9.7 (affected by 2 other vulnerabilities)
4.10.2 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:23:32.442989+00:00 Pypa Importer Affected by VCID-mynh-sahb-2be8 https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2025-135.yaml 38.6.0
2026-06-02T04:23:31.132315+00:00 Pypa Importer Affected by VCID-92gn-k1jm-47fe https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2025-134.yaml 38.6.0