VulnerableCode Package Details - pkg:pypi/roundup@2.4.0b1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/roundup@2.4.0b1

Essentials
History (8)

purl	pkg:pypi/roundup@2.4.0b1

Next non-vulnerable version	2.5.0
Latest non-vulnerable version	2.5.0
Risk	3.1

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-ntht-6gus-87cv Aliases: CVE-2025-53865 GHSA-qxh9-qmf2-rhwc PYSEC-2025-69	In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).	2.5.0 Affected by 0 other vulnerabilities.
VCID-uk8q-2vzm-hbhu Aliases: CVE-2024-39126 GHSA-x37x-qf4v-f54f PYSEC-2024-65	Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.	2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wjqt-h4bh-gbgr Aliases: CVE-2024-39124 GHSA-w8vc-cwv9-wx67 PYSEC-2024-63	In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.	2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-zk4h-xznt-n3c3 Aliases: CVE-2024-39125 GHSA-xjgw-ghrx-wfff PYSEC-2024-64	Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.	2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T09:47:03.982448+00:00	PyPI Importer	Affected by	VCID-ntht-6gus-87cv	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:46:16.406009+00:00	PyPI Importer	Affected by	VCID-uk8q-2vzm-hbhu	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:46:16.254149+00:00	PyPI Importer	Affected by	VCID-wjqt-h4bh-gbgr	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:46:16.090791+00:00	PyPI Importer	Affected by	VCID-zk4h-xznt-n3c3	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:36:33.880614+00:00	Pypa Importer	Affected by	VCID-ntht-6gus-87cv	https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2025-69.yaml	38.6.0
2026-05-30T20:34:50.939020+00:00	Pypa Importer	Affected by	VCID-zk4h-xznt-n3c3	https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2024-64.yaml	38.6.0
2026-05-30T20:34:50.604638+00:00	Pypa Importer	Affected by	VCID-uk8q-2vzm-hbhu	https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2024-65.yaml	38.6.0
2026-05-30T20:34:50.279624+00:00	Pypa Importer	Affected by	VCID-wjqt-h4bh-gbgr	https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2024-63.yaml	38.6.0