VulnerableCode Package Details - pkg:pypi/sickrage@10.0.11.dev2

Search for packages

Vulnerability	Summary	Fixed by
VCID-9ecn-dwux-93b8 Aliases: CVE-2021-25925 GHSA-rmp7-f2vp-3rq4 PYSEC-2021-147	in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.	10.0.12.dev1 Affected by 0 other vulnerabilities.
VCID-tj9t-5zn5-e3ca Aliases: CVE-2021-25926 GHSA-x823-j7c4-vpc5 PYSEC-2021-148	In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.	10.0.12.dev1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9ecn-dwux-93b8
Aliases:
CVE-2021-25925
GHSA-rmp7-f2vp-3rq4
PYSEC-2021-147

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.

10.0.12.dev1
Affected by 0 other vulnerabilities.

VCID-tj9t-5zn5-e3ca
Aliases:
CVE-2021-25926
GHSA-x823-j7c4-vpc5
PYSEC-2021-148

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.

10.0.12.dev1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9ecn-dwux-93b8	in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.	CVE-2021-25925 GHSA-rmp7-f2vp-3rq4 PYSEC-2021-147
VCID-tj9t-5zn5-e3ca	In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.	CVE-2021-25926 GHSA-x823-j7c4-vpc5 PYSEC-2021-148

Vulnerability

Summary

Aliases

VCID-9ecn-dwux-93b8

CVE-2021-25925
GHSA-rmp7-f2vp-3rq4
PYSEC-2021-147

VCID-tj9t-5zn5-e3ca

CVE-2021-25926
GHSA-x823-j7c4-vpc5
PYSEC-2021-148

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T11:11:32.117516+00:00	GithubOSV Importer	Fixing	VCID-9ecn-dwux-93b8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-rmp7-f2vp-3rq4/GHSA-rmp7-f2vp-3rq4.json	38.6.0
2026-05-31T11:11:21.189914+00:00	GithubOSV Importer	Fixing	VCID-tj9t-5zn5-e3ca	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-x823-j7c4-vpc5/GHSA-x823-j7c4-vpc5.json	38.6.0
2026-05-31T09:39:58.725097+00:00	PyPI Importer	Affected by	VCID-9ecn-dwux-93b8	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:39:56.319371+00:00	PyPI Importer	Affected by	VCID-tj9t-5zn5-e3ca	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:22:38.557975+00:00	Pypa Importer	Affected by	VCID-tj9t-5zn5-e3ca	https://github.com/pypa/advisory-database/blob/main/vulns/sickrage/PYSEC-2021-148.yaml	38.6.0
2026-05-30T20:22:35.511864+00:00	Pypa Importer	Affected by	VCID-9ecn-dwux-93b8	https://github.com/pypa/advisory-database/blob/main/vulns/sickrage/PYSEC-2021-147.yaml	38.6.0