Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/plone@4.0.5
purl pkg:pypi/plone@4.0.5
Next non-vulnerable version 5.2.5
Latest non-vulnerable version 6.0.7
Risk 4.0
Vulnerabilities affecting this package (73)
Vulnerability Summary Fixed by
VCID-311f-xecp-47fm
Aliases:
CVE-2017-1000483
GHSA-qc57-h2f7-p4hx
PYSEC-2018-72
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.
4.3.16
Affected by 20 other vulnerabilities.
5.1.0
Affected by 18 other vulnerabilities.
VCID-31m2-mwzq-judc
Aliases:
CVE-2013-4198
GHSA-qjxf-6pr8-j87v
PYSEC-2014-62
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-36xh-ua3s-gyfr
Aliases:
CVE-2020-28736
GHSA-2c8c-84w2-j38j
PYSEC-2020-248
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
5.2.3
Affected by 11 other vulnerabilities.
VCID-3n34-5rm7-nbcj
Aliases:
CVE-2021-33510
GHSA-4mg4-wvmx-5332
PYSEC-2021-82
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
5.2.5
Affected by 0 other vulnerabilities.
VCID-3uw2-j3r6-77ch
Aliases:
CVE-2012-5494
GHSA-3g6w-4m7x-97v6
PYSEC-2014-36
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-3v6x-b2g3-fyhq
Aliases:
CVE-2012-5491
GHSA-f8pg-wp5j-rjxx
PYSEC-2014-33
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-43m1-jkv8-jygp
Aliases:
CVE-2017-1000482
GHSA-859j-668v-mrr6
PYSEC-2018-71
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
4.3.16
Affected by 20 other vulnerabilities.
5.1.0
Affected by 18 other vulnerabilities.
VCID-46az-51p2-yfdf
Aliases:
CVE-2012-5493
GHSA-25jh-5h5r-h33m
PYSEC-2014-35
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-4bjr-mjug-gqd2
Aliases:
CVE-2015-7315
GHSA-984m-rj28-8c6x
PYSEC-2017-52
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
4.1a1
Affected by 70 other vulnerabilities.
4.2a1
Affected by 54 other vulnerabilities.
4.3a1
Affected by 55 other vulnerabilities.
4.3.7
Affected by 32 other vulnerabilities.
5.0rc2
Affected by 22 other vulnerabilities.
VCID-4hzn-mj8g-37ew
Aliases:
CVE-2012-5504
GHSA-5whw-5cmm-9jw4
PYSEC-2014-46
Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-4xdg-1sku-17cd
Aliases:
CVE-2011-1948
GHSA-p7h9-vf92-5fj5
PYSEC-2011-14
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
4.1.1
Affected by 57 other vulnerabilities.
VCID-4ym2-39bg-dbga
Aliases:
CVE-2012-5486
GHSA-77hv-8796-8ccp
PYSEC-2014-28
PYSEC-2014-73
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-5bnw-ktd3-8qeb
Aliases:
CVE-2011-4462
GHSA-pcwm-8jc3-qxvj
PYSEC-2011-22
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
4.1.4
Affected by 56 other vulnerabilities.
VCID-5e2c-6mkx-4udu
Aliases:
CVE-2021-33511
GHSA-gc9g-67cq-p7v4
PYSEC-2021-83
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
5.2.5
Affected by 0 other vulnerabilities.
VCID-5kaj-zugj-mbh1
Aliases:
CVE-2016-7140
GHSA-chvw-gjxf-f8mc
PYSEC-2017-63
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
VCID-5tbn-qmuj-jya9
Aliases:
CVE-2015-7293
GHSA-p3qm-44cf-f8qx
PYSEC-2017-51
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
5.0a1
Affected by 25 other vulnerabilities.
VCID-5z33-3pqj-gygw
Aliases:
CVE-2020-28734
GHSA-wq6x-g685-w5f2
PYSEC-2020-246
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
5.2.3
Affected by 11 other vulnerabilities.
VCID-6898-z4k5-h3b6
Aliases:
CVE-2016-7147
GHSA-84jm-cpc5-c7g7
PYSEC-2017-64
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
VCID-6rsz-krhe-q3gz
Aliases:
CVE-2012-5503
GHSA-prr5-pfr8-q9f3
PYSEC-2014-45
ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-7mc8-x346-eyaq
Aliases:
CVE-2013-4193
GHSA-6fgf-x7wg-hp8r
PYSEC-2014-57
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-83xg-a5v4-4bcw
Aliases:
CVE-2013-4199
GHSA-xfjq-9rxq-ph6m
PYSEC-2014-63
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-8gk5-28z6-7bcf
Aliases:
CVE-2012-5505
GHSA-cq5g-924m-7fxh
PYSEC-2014-47
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-8j8e-z731-7fbz
Aliases:
CVE-2012-5490
GHSA-q46g-v7r4-9vhr
PYSEC-2014-32
Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-8md9-zymx-w7cn
Aliases:
CVE-2012-5497
GHSA-683w-84m7-p8pw
PYSEC-2014-39
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-8r52-vc7e-f3bc
Aliases:
CVE-2013-4191
GHSA-grwx-4p5v-9g2g
PYSEC-2014-55
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-99bf-ybqh-dfad
Aliases:
CVE-2012-5500
GHSA-2q75-f7cp-w86q
PYSEC-2014-42
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-9ze6-mfrw-ukdv
Aliases:
CVE-2021-33513
GHSA-fj67-w3m4-rfmp
PYSEC-2021-85
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
5.2.5
Affected by 0 other vulnerabilities.
VCID-a628-5uyk-w3ca
Aliases:
CVE-2013-4189
GHSA-pwpq-632g-h49g
PYSEC-2014-53
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-a67e-svcb-ekhc
Aliases:
CVE-2013-7061
GHSA-4vr8-r7qr-fpvq
PYSEC-2014-66
PYSEC-2014-68
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
4.3.3
Affected by 34 other vulnerabilities.
VCID-bj9p-4wzt-47cf
Aliases:
CVE-2013-4200
GHSA-56p3-rrp4-2j82
PYSEC-2014-64
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-ch1t-qmtc-xqfx
Aliases:
CVE-2012-5492
GHSA-6w93-4c4p-xv2x
PYSEC-2014-34
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-d68e-uehc-nudc
Aliases:
CVE-2021-33509
GHSA-hm2p-fhwx-9285
PYSEC-2021-81
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
5.2.5
Affected by 0 other vulnerabilities.
VCID-fd6y-2fcd-jbck
Aliases:
CVE-2013-4188
GHSA-w3pw-qxjj-6prr
PYSEC-2014-52
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-fga8-ymex-67fw
Aliases:
CVE-2017-1000484
GHSA-xvwv-6wvx-px9x
PYSEC-2018-73
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)
4.3.16
Affected by 20 other vulnerabilities.
5.1.0
Affected by 18 other vulnerabilities.
VCID-gejv-h449-13e4
Aliases:
CVE-2020-7936
GHSA-82j9-wfcf-9v2h
PYSEC-2020-85
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
4.3.20
Affected by 21 other vulnerabilities.
5.1.7
Affected by 18 other vulnerabilities.
5.2.2
Affected by 13 other vulnerabilities.
VCID-gsnt-c1cd-d3bf
Aliases:
CVE-2016-4042
GHSA-v4vj-49m5-wjhw
PYSEC-2017-56
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
4.3.10
Affected by 31 other vulnerabilities.
5.0.5
Affected by 33 other vulnerabilities.
5.1a2
Affected by 23 other vulnerabilities.
VCID-hzgj-wca9-z3d1
Aliases:
CVE-2012-5498
GHSA-97rj-p794-wq6m
PYSEC-2014-40
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-jhc2-yux7-vybj
Aliases:
CVE-2012-5495
GHSA-w6pw-5gh5-4952
PYSEC-2014-37
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-k34d-p9vb-g7by
Aliases:
CVE-2012-5508
GHSA-wprr-mc54-c62q
PYSEC-2014-50
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-kak6-5sps-z3da
Aliases:
CVE-2012-5488
GHSA-cxw7-85xm-3xrc
PYSEC-2014-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-kmd1-vu9u-d7g4
Aliases:
CVE-2011-1950
GHSA-2qx8-589j-gcpx
PYSEC-2011-16
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
4.0.6
Affected by 73 other vulnerabilities.
4.1.1
Affected by 57 other vulnerabilities.
VCID-kvvr-zc1s-akhn
Aliases:
CVE-2012-5487
GHSA-9m4g-f42q-vrrh
PYSEC-2014-29
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-m91w-vguw-qkem
Aliases:
CVE-2016-7138
GHSA-v3hp-f8qr-cf3p
PYSEC-2017-61
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
VCID-mgpa-1taj-pycj
Aliases:
CVE-2012-5501
GHSA-pvhv-qwc8-r2pg
PYSEC-2014-43
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-njnv-5cwt-4ygy
Aliases:
CVE-2016-7137
GHSA-69vh-662j-v988
PYSEC-2017-60
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
VCID-pn5z-xdcd-zqd5
Aliases:
CVE-2013-7062
GHSA-4793-w44w-m7xm
PYSEC-2020-218
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.
4.0.9
Affected by 73 other vulnerabilities.
4.0.10
Affected by 72 other vulnerabilities.
4.1.6
Affected by 56 other vulnerabilities.
4.2a1
Affected by 54 other vulnerabilities.
4.3a1
Affected by 55 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
4.3.3
Affected by 34 other vulnerabilities.
VCID-pncb-4m8u-hbaw
Aliases:
CVE-2012-5507
GHSA-3qpr-7rmg-73v8
PYSEC-2014-49
PYSEC-2014-75
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-pv2n-2y41-pbg5
Aliases:
CVE-2021-33507
GHSA-35rg-466w-77h3
PYSEC-2021-79
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
5.2.5
Affected by 0 other vulnerabilities.
VCID-qkv2-qpe2-97cx
Aliases:
CVE-2011-1949
GHSA-h6hq-c896-w882
PYSEC-2011-15
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
4.0.6
Affected by 73 other vulnerabilities.
4.1.1
Affected by 57 other vulnerabilities.
VCID-qskf-bt81-5bbe
Aliases:
CVE-2013-4196
GHSA-qphh-5fv5-2mjj
PYSEC-2014-60
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-r874-3h26-j3fp
Aliases:
CVE-2021-33508
GHSA-rmpv-rcp6-v8wc
PYSEC-2021-80
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
5.2.5
Affected by 0 other vulnerabilities.
VCID-rn4s-px1y-7fbc
Aliases:
CVE-2013-4194
GHSA-mm32-jw73-9227
PYSEC-2014-58
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-s5ab-nud4-5qdg
Aliases:
CVE-2016-4041
GHSA-qqgj-22gr-73vx
PYSEC-2017-55
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
4.3.10
Affected by 31 other vulnerabilities.
5.0.5
Affected by 33 other vulnerabilities.
5.1a2
Affected by 23 other vulnerabilities.
VCID-sa7x-wvn1-skh1
Aliases:
CVE-2021-3313
GHSA-hprr-4vfq-fcxw
PYSEC-2021-78
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
5.2.4
Affected by 10 other vulnerabilities.
VCID-scgs-bz44-ebfk
Aliases:
CVE-2012-6661
GHSA-48vv-2pmq-9fvv
PYSEC-2014-51
PYSEC-2014-76
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-swq8-17qu-vyfw
Aliases:
CVE-2013-4195
GHSA-j67j-8hrp-76xm
PYSEC-2014-59
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-tfmu-7tad-xbbe
Aliases:
CVE-2021-33512
GHSA-hm2h-f456-6j88
PYSEC-2021-84
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
5.2.5
Affected by 0 other vulnerabilities.
VCID-u1hz-5a2a-ybac
Aliases:
CVE-2012-5499
GHSA-wrf2-2rch-cmr9
PYSEC-2014-41
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-uduq-ujbb-6qd2
Aliases:
CVE-2012-5506
GHSA-79hj-474h-v4xv
PYSEC-2014-48
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-ugq4-1vzc-6uh5
Aliases:
CVE-2017-5524
GHSA-p5wr-vp8g-q5p4
PYSEC-2017-81
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
4.3.12
Affected by 23 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
5.1b1
Affected by 22 other vulnerabilities.
VCID-uv7n-awe5-2fav
Aliases:
CVE-2013-4190
GHSA-89rq-27xp-vgv7
PYSEC-2014-54
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-vc1v-xsbc-kff1
Aliases:
CVE-2012-5489
GHSA-879r-7f3w-8jj3
PYSEC-2014-31
PYSEC-2014-74
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-w2u3-bnqq-mqfz
Aliases:
GMS-2015-51
User information disclosure A vulnerability allows unauthorized disclosure of registered user information.
4.3.8
Affected by 31 other vulnerabilities.
5.0.1
Affected by 33 other vulnerabilities.
VCID-wage-1bme-bkgb
Aliases:
CVE-2020-7939
GHSA-hhmf-7rgg-gcw5
PYSEC-2020-88
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
5.2.2
Affected by 13 other vulnerabilities.
VCID-xa5e-bbcv-byg9
Aliases:
CVE-2013-7060
GHSA-rg52-j87w-pf83
PYSEC-2014-65
PYSEC-2014-67
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
4.3.3
Affected by 34 other vulnerabilities.
VCID-xksv-mub7-dyck
Aliases:
CVE-2012-5485
GHSA-7hxc-mwx7-5hmc
PYSEC-2014-27
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-xpjk-k6tj-2uba
Aliases:
CVE-2012-5502
GHSA-hr59-35cr-qf43
PYSEC-2014-44
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
4.2.3
Affected by 47 other vulnerabilities.
4.3b1
Affected by 31 other vulnerabilities.
VCID-y2bq-cb4v-mke6
Aliases:
CVE-2017-1000481
GHSA-8g72-gq68-6gqh
PYSEC-2018-70
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.
4.3.16
Affected by 20 other vulnerabilities.
5.1.0
Affected by 18 other vulnerabilities.
VCID-yaa8-vy4x-cqbq
Aliases:
CVE-2015-7316
GHSA-vf8g-m3vq-6p4p
PYSEC-2017-53
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
4.0.11
Affected by 0 other vulnerabilities.
4.1a1
Affected by 70 other vulnerabilities.
4.1.7
Affected by 0 other vulnerabilities.
4.2a1
Affected by 54 other vulnerabilities.
4.2.8
Affected by 0 other vulnerabilities.
4.3a1
Affected by 55 other vulnerabilities.
4.3.7
Affected by 32 other vulnerabilities.
5.0rc2
Affected by 22 other vulnerabilities.
VCID-ykg2-qbyr-ayd5
Aliases:
CVE-2013-4197
GHSA-jjvw-3h9j-p7jf
PYSEC-2014-61
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
VCID-ymbd-m6tf-5bap
Aliases:
CVE-2016-7139
GHSA-pp4c-2692-7f37
PYSEC-2017-62
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
4.3.12
Affected by 23 other vulnerabilities.
5.0.6
Affected by 33 other vulnerabilities.
5.0.7
Affected by 25 other vulnerabilities.
VCID-z8kt-tf38-eqgc
Aliases:
CVE-2020-28735
GHSA-x7wf-5mjc-6x76
PYSEC-2020-247
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
5.2.3
Affected by 11 other vulnerabilities.
VCID-zf51-58kf-43bf
Aliases:
CVE-2013-4192
GHSA-f5h9-3hpf-9j8m
PYSEC-2014-56
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
4.1.1
Affected by 57 other vulnerabilities.
4.2.6
Affected by 34 other vulnerabilities.
4.3.2
Affected by 37 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T09:58:40.699065+00:00 GHSA Importer Affected by VCID-qkv2-qpe2-97cx https://github.com/advisories/GHSA-h6hq-c896-w882 38.6.0
2026-05-31T09:58:22.212475+00:00 GHSA Importer Affected by VCID-kmd1-vu9u-d7g4 https://github.com/advisories/GHSA-2qx8-589j-gcpx 38.6.0
2026-05-31T09:58:21.582489+00:00 GHSA Importer Affected by VCID-6rsz-krhe-q3gz https://github.com/advisories/GHSA-prr5-pfr8-q9f3 38.6.0
2026-05-31T09:58:21.006587+00:00 GHSA Importer Affected by VCID-vc1v-xsbc-kff1 https://github.com/advisories/GHSA-879r-7f3w-8jj3 38.6.0
2026-05-31T09:58:19.920435+00:00 GHSA Importer Affected by VCID-4ym2-39bg-dbga https://github.com/advisories/GHSA-77hv-8796-8ccp 38.6.0
2026-05-31T09:58:18.514291+00:00 GHSA Importer Affected by VCID-scgs-bz44-ebfk https://github.com/advisories/GHSA-48vv-2pmq-9fvv 38.6.0
2026-05-31T09:58:17.727234+00:00 GHSA Importer Affected by VCID-pncb-4m8u-hbaw https://github.com/advisories/GHSA-3qpr-7rmg-73v8 38.6.0
2026-05-31T09:58:17.232090+00:00 GHSA Importer Affected by VCID-5bnw-ktd3-8qeb https://github.com/advisories/GHSA-pcwm-8jc3-qxvj 38.6.0
2026-05-31T09:58:05.308563+00:00 GHSA Importer Affected by VCID-ugq4-1vzc-6uh5 https://github.com/advisories/GHSA-p5wr-vp8g-q5p4 38.6.0
2026-05-31T09:52:49.853325+00:00 GitLab Importer Affected by VCID-fga8-ymex-67fw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2017-1000484.yml 38.6.0
2026-05-31T09:48:22.180841+00:00 GitLab Importer Affected by VCID-vc1v-xsbc-kff1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2012-5489.yml 38.6.0
2026-05-31T09:48:21.957243+00:00 GitLab Importer Affected by VCID-4ym2-39bg-dbga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2012-5486.yml 38.6.0
2026-05-31T09:48:21.213614+00:00 GitLab Importer Affected by VCID-kmd1-vu9u-d7g4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2011-1950.yml 38.6.0
2026-05-31T09:48:20.629637+00:00 GitLab Importer Affected by VCID-qkv2-qpe2-97cx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2011-1949.yml 38.6.0
2026-05-31T09:48:20.284840+00:00 GitLab Importer Affected by VCID-5bnw-ktd3-8qeb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2011-4462.yml 38.6.0
2026-05-31T09:48:19.471136+00:00 GitLab Importer Affected by VCID-6rsz-krhe-q3gz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2012-5503.yml 38.6.0
2026-05-31T09:48:19.237397+00:00 GitLab Importer Affected by VCID-scgs-bz44-ebfk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2012-6661.yml 38.6.0
2026-05-31T09:48:17.420016+00:00 GitLab Importer Affected by VCID-4xdg-1sku-17cd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2011-1948.yml 38.6.0
2026-05-31T09:48:16.295208+00:00 GitLab Importer Affected by VCID-pncb-4m8u-hbaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2012-5507.yml 38.6.0
2026-05-31T09:48:05.244569+00:00 GitLab Importer Affected by VCID-ugq4-1vzc-6uh5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/CVE-2017-5524.yml 38.6.0
2026-05-31T09:42:21.188923+00:00 PyPI Importer Affected by VCID-r874-3h26-j3fp https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:20.882313+00:00 PyPI Importer Affected by VCID-pv2n-2y41-pbg5 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:20.588029+00:00 PyPI Importer Affected by VCID-3n34-5rm7-nbcj https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:20.277860+00:00 PyPI Importer Affected by VCID-tfmu-7tad-xbbe https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:19.983541+00:00 PyPI Importer Affected by VCID-9ze6-mfrw-ukdv https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:19.681804+00:00 PyPI Importer Affected by VCID-5e2c-6mkx-4udu https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:19.385580+00:00 PyPI Importer Affected by VCID-d68e-uehc-nudc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:42:18.936505+00:00 PyPI Importer Affected by VCID-sa7x-wvn1-skh1 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:39:02.788213+00:00 PyPI Importer Affected by VCID-5z33-3pqj-gygw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:39:02.484016+00:00 PyPI Importer Affected by VCID-36xh-ua3s-gyfr https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:39:02.169584+00:00 PyPI Importer Affected by VCID-z8kt-tf38-eqgc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:52.567179+00:00 PyPI Importer Affected by VCID-wage-1bme-bkgb https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:52.336808+00:00 PyPI Importer Affected by VCID-gejv-h449-13e4 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:49.672907+00:00 PyPI Importer Affected by VCID-pn5z-xdcd-zqd5 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:09.380475+00:00 PyPI Importer Affected by VCID-fga8-ymex-67fw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:08.977954+00:00 PyPI Importer Affected by VCID-y2bq-cb4v-mke6 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:08.579018+00:00 PyPI Importer Affected by VCID-43m1-jkv8-jygp https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:08.165914+00:00 PyPI Importer Affected by VCID-311f-xecp-47fm https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:02.755085+00:00 PyPI Importer Affected by VCID-5tbn-qmuj-jya9 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:02.007243+00:00 PyPI Importer Affected by VCID-yaa8-vy4x-cqbq https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:37:01.526875+00:00 PyPI Importer Affected by VCID-4bjr-mjug-gqd2 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:57.249831+00:00 PyPI Importer Affected by VCID-ugq4-1vzc-6uh5 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:56.728708+00:00 PyPI Importer Affected by VCID-njnv-5cwt-4ygy https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:56.366868+00:00 PyPI Importer Affected by VCID-m91w-vguw-qkem https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:55.722936+00:00 PyPI Importer Affected by VCID-ymbd-m6tf-5bap https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:55.343938+00:00 PyPI Importer Affected by VCID-5kaj-zugj-mbh1 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:55.031331+00:00 PyPI Importer Affected by VCID-s5ab-nud4-5qdg https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:54.854507+00:00 PyPI Importer Affected by VCID-gsnt-c1cd-d3bf https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:54.030548+00:00 PyPI Importer Affected by VCID-6898-z4k5-h3b6 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:37.266200+00:00 PyPI Importer Affected by VCID-scgs-bz44-ebfk https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:37.002506+00:00 PyPI Importer Affected by VCID-k34d-p9vb-g7by https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:36.736627+00:00 PyPI Importer Affected by VCID-99bf-ybqh-dfad https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:35.494052+00:00 PyPI Importer Affected by VCID-u1hz-5a2a-ybac https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:35.234985+00:00 PyPI Importer Affected by VCID-kak6-5sps-z3da https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:34.992195+00:00 PyPI Importer Affected by VCID-6rsz-krhe-q3gz https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:34.733676+00:00 PyPI Importer Affected by VCID-8j8e-z731-7fbz https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:34.477228+00:00 PyPI Importer Affected by VCID-kvvr-zc1s-akhn https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:34.164258+00:00 PyPI Importer Affected by VCID-4ym2-39bg-dbga https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:33.902819+00:00 PyPI Importer Affected by VCID-xpjk-k6tj-2uba https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:33.504629+00:00 PyPI Importer Affected by VCID-uduq-ujbb-6qd2 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:33.046169+00:00 PyPI Importer Affected by VCID-3uw2-j3r6-77ch https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:32.792431+00:00 PyPI Importer Affected by VCID-pncb-4m8u-hbaw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:32.523464+00:00 PyPI Importer Affected by VCID-vc1v-xsbc-kff1 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:32.262904+00:00 PyPI Importer Affected by VCID-mgpa-1taj-pycj https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:32.000538+00:00 PyPI Importer Affected by VCID-8gk5-28z6-7bcf https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:31.730797+00:00 PyPI Importer Affected by VCID-46az-51p2-yfdf https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:31.471330+00:00 PyPI Importer Affected by VCID-hzgj-wca9-z3d1 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:31.215397+00:00 PyPI Importer Affected by VCID-8md9-zymx-w7cn https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:30.981934+00:00 PyPI Importer Affected by VCID-jhc2-yux7-vybj https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:30.754516+00:00 PyPI Importer Affected by VCID-3v6x-b2g3-fyhq https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:30.522684+00:00 PyPI Importer Affected by VCID-xksv-mub7-dyck https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:30.286100+00:00 PyPI Importer Affected by VCID-4hzn-mj8g-37ew https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:30.052159+00:00 PyPI Importer Affected by VCID-ch1t-qmtc-xqfx https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:26.603859+00:00 PyPI Importer Affected by VCID-a67e-svcb-ekhc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:26.347184+00:00 PyPI Importer Affected by VCID-xa5e-bbcv-byg9 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:24.329296+00:00 PyPI Importer Affected by VCID-uv7n-awe5-2fav https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:23.895128+00:00 PyPI Importer Affected by VCID-ykg2-qbyr-ayd5 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:23.581017+00:00 PyPI Importer Affected by VCID-31m2-mwzq-judc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:23.268147+00:00 PyPI Importer Affected by VCID-zf51-58kf-43bf https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:22.942670+00:00 PyPI Importer Affected by VCID-fd6y-2fcd-jbck https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:22.554483+00:00 PyPI Importer Affected by VCID-rn4s-px1y-7fbc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:22.222706+00:00 PyPI Importer Affected by VCID-83xg-a5v4-4bcw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:21.900270+00:00 PyPI Importer Affected by VCID-swq8-17qu-vyfw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:21.567164+00:00 PyPI Importer Affected by VCID-a628-5uyk-w3ca https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:21.235457+00:00 PyPI Importer Affected by VCID-7mc8-x346-eyaq https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:20.927112+00:00 PyPI Importer Affected by VCID-8r52-vc7e-f3bc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:20.628876+00:00 PyPI Importer Affected by VCID-qskf-bt81-5bbe https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:20.128552+00:00 PyPI Importer Affected by VCID-bj9p-4wzt-47cf https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:16.372120+00:00 PyPI Importer Affected by VCID-5bnw-ktd3-8qeb https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:15.672851+00:00 PyPI Importer Affected by VCID-4xdg-1sku-17cd https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:15.550999+00:00 PyPI Importer Affected by VCID-kmd1-vu9u-d7g4 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:15.448597+00:00 PyPI Importer Affected by VCID-qkv2-qpe2-97cx https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:34:45.364335+00:00 GitLab Importer Affected by VCID-w2u3-bnqq-mqfz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Plone/GMS-2015-51.yml 38.6.0
2026-05-30T20:26:52.017979+00:00 Pypa Importer Affected by VCID-9ze6-mfrw-ukdv https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-85.yaml 38.6.0
2026-05-30T20:26:51.396160+00:00 Pypa Importer Affected by VCID-tfmu-7tad-xbbe https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-84.yaml 38.6.0
2026-05-30T20:26:50.764248+00:00 Pypa Importer Affected by VCID-pv2n-2y41-pbg5 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-79.yaml 38.6.0
2026-05-30T20:26:50.119636+00:00 Pypa Importer Affected by VCID-d68e-uehc-nudc https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-81.yaml 38.6.0
2026-05-30T20:26:49.480946+00:00 Pypa Importer Affected by VCID-r874-3h26-j3fp https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-80.yaml 38.6.0
2026-05-30T20:26:48.855496+00:00 Pypa Importer Affected by VCID-5e2c-6mkx-4udu https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-83.yaml 38.6.0
2026-05-30T20:26:48.219069+00:00 Pypa Importer Affected by VCID-3n34-5rm7-nbcj https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-82.yaml 38.6.0
2026-05-30T20:26:47.310299+00:00 Pypa Importer Affected by VCID-sa7x-wvn1-skh1 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2021-78.yaml 38.6.0
2026-05-30T20:20:58.919723+00:00 Pypa Importer Affected by VCID-36xh-ua3s-gyfr https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-248.yaml 38.6.0
2026-05-30T20:20:58.312315+00:00 Pypa Importer Affected by VCID-5z33-3pqj-gygw https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-246.yaml 38.6.0
2026-05-30T20:20:57.702160+00:00 Pypa Importer Affected by VCID-z8kt-tf38-eqgc https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-247.yaml 38.6.0
2026-05-30T20:18:46.783590+00:00 Pypa Importer Affected by VCID-gejv-h449-13e4 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-85.yaml 38.6.0
2026-05-30T20:18:45.996421+00:00 Pypa Importer Affected by VCID-wage-1bme-bkgb https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-88.yaml 38.6.0
2026-05-30T20:18:42.102819+00:00 Pypa Importer Affected by VCID-pn5z-xdcd-zqd5 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-218.yaml 38.6.0
2026-05-30T20:17:36.718738+00:00 Pypa Importer Affected by VCID-fga8-ymex-67fw https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2018-73.yaml 38.6.0
2026-05-30T20:17:35.938601+00:00 Pypa Importer Affected by VCID-311f-xecp-47fm https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2018-72.yaml 38.6.0
2026-05-30T20:17:35.131618+00:00 Pypa Importer Affected by VCID-43m1-jkv8-jygp https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2018-71.yaml 38.6.0
2026-05-30T20:17:34.309587+00:00 Pypa Importer Affected by VCID-y2bq-cb4v-mke6 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2018-70.yaml 38.6.0
2026-05-30T20:17:23.436271+00:00 Pypa Importer Affected by VCID-5tbn-qmuj-jya9 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-51.yaml 38.6.0
2026-05-30T20:17:22.147798+00:00 Pypa Importer Affected by VCID-yaa8-vy4x-cqbq https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-53.yaml 38.6.0
2026-05-30T20:17:20.944195+00:00 Pypa Importer Affected by VCID-4bjr-mjug-gqd2 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-52.yaml 38.6.0
2026-05-30T20:17:11.539030+00:00 Pypa Importer Affected by VCID-ugq4-1vzc-6uh5 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-81.yaml 38.6.0
2026-05-30T20:17:10.466493+00:00 Pypa Importer Affected by VCID-m91w-vguw-qkem https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-61.yaml 38.6.0
2026-05-30T20:17:09.709201+00:00 Pypa Importer Affected by VCID-5kaj-zugj-mbh1 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-63.yaml 38.6.0
2026-05-30T20:17:08.731024+00:00 Pypa Importer Affected by VCID-ymbd-m6tf-5bap https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-62.yaml 38.6.0
2026-05-30T20:17:07.996900+00:00 Pypa Importer Affected by VCID-njnv-5cwt-4ygy https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-60.yaml 38.6.0
2026-05-30T20:17:07.167106+00:00 Pypa Importer Affected by VCID-gsnt-c1cd-d3bf https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-56.yaml 38.6.0
2026-05-30T20:17:06.704434+00:00 Pypa Importer Affected by VCID-s5ab-nud4-5qdg https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-55.yaml 38.6.0
2026-05-30T20:17:04.957340+00:00 Pypa Importer Affected by VCID-6898-z4k5-h3b6 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-64.yaml 38.6.0
2026-05-30T20:16:31.703125+00:00 Pypa Importer Affected by VCID-scgs-bz44-ebfk https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-51.yaml 38.6.0
2026-05-30T20:16:30.912483+00:00 Pypa Importer Affected by VCID-k34d-p9vb-g7by https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-50.yaml 38.6.0
2026-05-30T20:16:30.417492+00:00 Pypa Importer Affected by VCID-99bf-ybqh-dfad https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-42.yaml 38.6.0
2026-05-30T20:16:28.112585+00:00 Pypa Importer Affected by VCID-kak6-5sps-z3da https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-30.yaml 38.6.0
2026-05-30T20:16:27.823571+00:00 Pypa Importer Affected by VCID-4ym2-39bg-dbga https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-28.yaml 38.6.0
2026-05-30T20:16:27.352777+00:00 Pypa Importer Affected by VCID-uduq-ujbb-6qd2 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-48.yaml 38.6.0
2026-05-30T20:16:26.868902+00:00 Pypa Importer Affected by VCID-6rsz-krhe-q3gz https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-45.yaml 38.6.0
2026-05-30T20:16:26.380154+00:00 Pypa Importer Affected by VCID-vc1v-xsbc-kff1 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-31.yaml 38.6.0
2026-05-30T20:16:25.895330+00:00 Pypa Importer Affected by VCID-4hzn-mj8g-37ew https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-46.yaml 38.6.0
2026-05-30T20:16:25.402681+00:00 Pypa Importer Affected by VCID-mgpa-1taj-pycj https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-43.yaml 38.6.0
2026-05-30T20:16:24.826386+00:00 Pypa Importer Affected by VCID-3v6x-b2g3-fyhq https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-33.yaml 38.6.0
2026-05-30T20:16:24.343250+00:00 Pypa Importer Affected by VCID-u1hz-5a2a-ybac https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-41.yaml 38.6.0
2026-05-30T20:16:23.864061+00:00 Pypa Importer Affected by VCID-46az-51p2-yfdf https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-35.yaml 38.6.0
2026-05-30T20:16:23.116166+00:00 Pypa Importer Affected by VCID-8j8e-z731-7fbz https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-32.yaml 38.6.0
2026-05-30T20:16:22.339264+00:00 Pypa Importer Affected by VCID-xksv-mub7-dyck https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-27.yaml 38.6.0
2026-05-30T20:16:21.858410+00:00 Pypa Importer Affected by VCID-8md9-zymx-w7cn https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-39.yaml 38.6.0
2026-05-30T20:16:21.383437+00:00 Pypa Importer Affected by VCID-pncb-4m8u-hbaw https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-49.yaml 38.6.0
2026-05-30T20:16:20.889343+00:00 Pypa Importer Affected by VCID-8gk5-28z6-7bcf https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-47.yaml 38.6.0
2026-05-30T20:16:20.383714+00:00 Pypa Importer Affected by VCID-hzgj-wca9-z3d1 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-40.yaml 38.6.0
2026-05-30T20:16:19.882008+00:00 Pypa Importer Affected by VCID-jhc2-yux7-vybj https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-37.yaml 38.6.0
2026-05-30T20:16:19.401325+00:00 Pypa Importer Affected by VCID-3uw2-j3r6-77ch https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-36.yaml 38.6.0
2026-05-30T20:16:18.911021+00:00 Pypa Importer Affected by VCID-xpjk-k6tj-2uba https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-44.yaml 38.6.0
2026-05-30T20:16:18.407705+00:00 Pypa Importer Affected by VCID-kvvr-zc1s-akhn https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-29.yaml 38.6.0
2026-05-30T20:16:17.921612+00:00 Pypa Importer Affected by VCID-ch1t-qmtc-xqfx https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-34.yaml 38.6.0
2026-05-30T20:16:10.215200+00:00 Pypa Importer Affected by VCID-xa5e-bbcv-byg9 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-65.yaml 38.6.0
2026-05-30T20:16:09.919942+00:00 Pypa Importer Affected by VCID-a67e-svcb-ekhc https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-66.yaml 38.6.0
2026-05-30T20:16:05.940172+00:00 Pypa Importer Affected by VCID-zf51-58kf-43bf https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-56.yaml 38.6.0
2026-05-30T20:16:05.356204+00:00 Pypa Importer Affected by VCID-fd6y-2fcd-jbck https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-52.yaml 38.6.0
2026-05-30T20:16:04.755899+00:00 Pypa Importer Affected by VCID-a628-5uyk-w3ca https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-53.yaml 38.6.0
2026-05-30T20:16:04.140169+00:00 Pypa Importer Affected by VCID-uv7n-awe5-2fav https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-54.yaml 38.6.0
2026-05-30T20:16:03.555087+00:00 Pypa Importer Affected by VCID-qskf-bt81-5bbe https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-60.yaml 38.6.0
2026-05-30T20:16:02.829449+00:00 Pypa Importer Affected by VCID-rn4s-px1y-7fbc https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-58.yaml 38.6.0
2026-05-30T20:16:02.258485+00:00 Pypa Importer Affected by VCID-31m2-mwzq-judc https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-62.yaml 38.6.0
2026-05-30T20:16:01.469505+00:00 Pypa Importer Affected by VCID-7mc8-x346-eyaq https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-57.yaml 38.6.0
2026-05-30T20:16:00.897826+00:00 Pypa Importer Affected by VCID-8r52-vc7e-f3bc https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-55.yaml 38.6.0
2026-05-30T20:16:00.311158+00:00 Pypa Importer Affected by VCID-ykg2-qbyr-ayd5 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-61.yaml 38.6.0
2026-05-30T20:15:59.740646+00:00 Pypa Importer Affected by VCID-83xg-a5v4-4bcw https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-63.yaml 38.6.0
2026-05-30T20:15:59.181133+00:00 Pypa Importer Affected by VCID-swq8-17qu-vyfw https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-59.yaml 38.6.0
2026-05-30T20:15:58.161288+00:00 Pypa Importer Affected by VCID-bj9p-4wzt-47cf https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-64.yaml 38.6.0
2026-05-30T20:15:49.808821+00:00 Pypa Importer Affected by VCID-5bnw-ktd3-8qeb https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-22.yaml 38.6.0
2026-05-30T20:15:48.325403+00:00 Pypa Importer Affected by VCID-4xdg-1sku-17cd https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-14.yaml 38.6.0
2026-05-30T20:15:48.077628+00:00 Pypa Importer Affected by VCID-qkv2-qpe2-97cx https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-15.yaml 38.6.0
2026-05-30T20:15:47.830069+00:00 Pypa Importer Affected by VCID-kmd1-vu9u-d7g4 https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-16.yaml 38.6.0