| purl | pkg:pypi/quokka@0.4.0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-b2j7-fedy-77g1 (Aliases: CVE-2020-18702, GHSA-5m69-3chg-6f8m, PYSEC-2021-143) | Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'. | There are no reported fixed by versions. |
| VCID-sf4w-ajhm-ufgp (Aliases: CVE-2020-18703, GHSA-3xg5-6c3j-vp8x, PYSEC-2021-144) | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. | There are no reported fixed by versions. |
| VCID-ukym-6vnb-ufhh (Aliases: CVE-2020-18705, GHSA-4q2r-qxp6-h5j6, PYSEC-2021-145) | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-30T20:55:46.445246+00:00 | GitLab Importer | Affected by | VCID-b2j7-fedy-77g1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/quokka/CVE-2020-18702.yml | 38.6.0 |
| 2026-05-30T20:55:46.037427+00:00 | GitLab Importer | Affected by | VCID-sf4w-ajhm-ufgp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/quokka/CVE-2020-18703.yml | 38.6.0 |
| 2026-05-30T20:55:45.761199+00:00 | GitLab Importer | Affected by | VCID-ukym-6vnb-ufhh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/quokka/CVE-2020-18705.yml | 38.6.0 |