Package details: pkg:pypi/roundup@2.0.0b0
purl pkg:pypi/roundup@2.0.0b0
Next non-vulnerable version 2.5.0
Latest non-vulnerable version 2.5.0
Risk
Vulnerabilities affecting this package (5)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-9ydc-txfc-pqe6 (Aliases: CVE-2025-53865, PYSEC-2025-69) | In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive). | 2.5.0 (Affected by 0 other vulnerabilities.) |
| VCID-agp7-u68t-abbe (Aliases: CVE-2024-39124, PYSEC-2024-63) | In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | 2.4.0 (Affected by 1 other vulnerability.) |
| VCID-be33-dgsb-nycm (Aliases: CVE-2019-10904, GHSA-926q-wxr6-3crq, PYSEC-2019-201) | Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. | 2.0.0 (Affected by 4 other vulnerabilities.) |
| VCID-m8r5-mtwf-cbgm (Aliases: CVE-2024-39126, PYSEC-2024-65) | Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | 2.4.0 (Affected by 1 other vulnerability.) |
| VCID-yufw-2bru-h7h1 (Aliases: CVE-2024-39125, PYSEC-2024-64) | Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. | 2.4.0 (Affected by 1 other vulnerability.) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:23:15.869839+00:00 | Pypa Importer | Affected by | VCID-9ydc-txfc-pqe6 | https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2025-69.yaml | 38.6.0 |
| 2026-06-02T04:21:38.518065+00:00 | Pypa Importer | Affected by | VCID-yufw-2bru-h7h1 | https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2024-64.yaml | 38.6.0 |
| 2026-06-02T04:21:38.212750+00:00 | Pypa Importer | Affected by | VCID-m8r5-mtwf-cbgm | https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2024-65.yaml | 38.6.0 |
| 2026-06-02T04:21:37.895776+00:00 | Pypa Importer | Affected by | VCID-agp7-u68t-abbe | https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2024-63.yaml | 38.6.0 |
| 2026-06-02T04:05:37.486301+00:00 | Pypa Importer | Affected by | VCID-be33-dgsb-nycm | https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2019-201.yaml | 38.6.0 |