VulnerableCode Package Details - pkg:pypi/roundup@2.0.0a0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/roundup@2.0.0a0

Essentials
History (7)

purl	pkg:pypi/roundup@2.0.0a0

Next non-vulnerable version	2.5.0
Latest non-vulnerable version	2.5.0
Risk

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-csmv-58s1-5bde Aliases: CVE-2019-10904 GHSA-926q-wxr6-3crq PYSEC-2019-201	Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.	2.0.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ntht-6gus-87cv Aliases: CVE-2025-53865 PYSEC-2025-69	In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).	2.5.0 Affected by 0 other vulnerabilities.
VCID-uk8q-2vzm-hbhu Aliases: CVE-2024-39126 GHSA-x37x-qf4v-f54f PYSEC-2024-65	Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.	2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wjqt-h4bh-gbgr Aliases: CVE-2024-39124 GHSA-w8vc-cwv9-wx67 PYSEC-2024-63	In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.	2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-zk4h-xznt-n3c3 Aliases: CVE-2024-39125 GHSA-xjgw-ghrx-wfff PYSEC-2024-64	Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.	2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-csmv-58s1-5bde	Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.	CVE-2019-10904 GHSA-926q-wxr6-3crq PYSEC-2019-201

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T00:51:32.922594+00:00	GHSA Importer	Fixing	VCID-csmv-58s1-5bde	https://github.com/advisories/GHSA-926q-wxr6-3crq	38.6.0
2026-05-30T20:54:58.207483+00:00	GitLab Importer	Fixing	VCID-csmv-58s1-5bde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/roundup/CVE-2019-10904.yml	38.6.0
2026-05-30T20:36:33.845516+00:00	Pypa Importer	Affected by	VCID-ntht-6gus-87cv	https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2025-69.yaml	38.6.0
2026-05-30T20:34:50.901507+00:00	Pypa Importer	Affected by	VCID-zk4h-xznt-n3c3	https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2024-64.yaml	38.6.0
2026-05-30T20:34:50.565922+00:00	Pypa Importer	Affected by	VCID-uk8q-2vzm-hbhu	https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2024-65.yaml	38.6.0
2026-05-30T20:34:50.238113+00:00	Pypa Importer	Affected by	VCID-wjqt-h4bh-gbgr	https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2024-63.yaml	38.6.0
2026-05-30T20:18:16.003580+00:00	Pypa Importer	Affected by	VCID-csmv-58s1-5bde	https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2019-201.yaml	38.6.0