Package details: pkg:pypi/rucio-webui@1.22.0.dev2
purl pkg:pypi/rucio-webui@1.22.0.dev2
Next non-vulnerable version 35.8.3
Latest non-vulnerable version 39.3.1
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-1re8-kda1-k3db
Aliases:
CVE-2026-25735
GHSA-8wpv-6x3f-3rm5
Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name
35.8.3
Affected by 0 other vulnerabilities.
38.5.4
Affected by 0 other vulnerabilities.
39.3.1
Affected by 0 other vulnerabilities.
VCID-6vph-d8yk-p7c7
Aliases:
CVE-2026-25136
GHSA-h79m-5jjm-jm4q
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.
35.8.3
Affected by 0 other vulnerabilities.
38.5.4
Affected by 0 other vulnerabilities.
39.3.1
Affected by 0 other vulnerabilities.
VCID-kxr7-78nq-ykdu
Aliases:
CVE-2026-25138
GHSA-38wq-6q2w-hcf9
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.
35.8.3
Affected by 0 other vulnerabilities.
38.5.4
Affected by 0 other vulnerabilities.
39.3.1
Affected by 0 other vulnerabilities.
VCID-pwx1-fnd1-rfh2
Aliases:
CVE-2026-25736
GHSA-fq4f-4738-rqxm
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.
35.8.3
Affected by 0 other vulnerabilities.
38.5.4
Affected by 0 other vulnerabilities.
39.3.1
Affected by 0 other vulnerabilities.
VCID-rxqc-fwgm-ayhy
Aliases:
CVE-2026-25733
GHSA-rwj9-7j48-9f7q
Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function
35.8.3
Affected by 0 other vulnerabilities.
38.5.4
Affected by 0 other vulnerabilities.
39.3.1
Affected by 0 other vulnerabilities.
VCID-sx7n-qnfs-rbcr
Aliases:
CVE-2026-25734
GHSA-h9fp-p2p9-873q
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.
35.8.3
Affected by 0 other vulnerabilities.
38.5.4
Affected by 0 other vulnerabilities.
39.3.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T21:09:48.875178+00:00 GitLab Importer Affected by VCID-sx7n-qnfs-rbcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/rucio-webui/CVE-2026-25734.yml 38.6.0
2026-06-12T21:08:35.964752+00:00 GitLab Importer Affected by VCID-1re8-kda1-k3db https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/rucio-webui/CVE-2026-25735.yml 38.6.0
2026-06-12T21:08:21.953641+00:00 GitLab Importer Affected by VCID-6vph-d8yk-p7c7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/rucio-webui/CVE-2026-25136.yml 38.6.0
2026-06-12T21:07:54.666575+00:00 GitLab Importer Affected by VCID-kxr7-78nq-ykdu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/rucio-webui/CVE-2026-25138.yml 38.6.0
2026-06-12T21:07:43.515519+00:00 GitLab Importer Affected by VCID-rxqc-fwgm-ayhy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/rucio-webui/CVE-2026-25733.yml 38.6.0
2026-06-12T21:07:17.594466+00:00 GitLab Importer Affected by VCID-pwx1-fnd1-rfh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/rucio-webui/CVE-2026-25736.yml 38.6.0