Search for packages
| purl | pkg:pypi/trytond@6.0.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4nwz-9kv7-nkat
Aliases: CVE-2022-26661 GHSA-cj78-rgw3-4h5p PYSEC-2022-43170 |
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-bt9e-28y7-efh3
Aliases: CVE-2025-66422 GHSA-jqfc-9q34-prhg |
trytond allows remote attackers to obtain sensitive trace-back (server setup) information Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-gcmg-p94p-ebes
Aliases: CVE-2025-66423 GHSA-p3p5-xrmv-4j6x |
trytond does not enforce access rights for the route of the HTML editor. Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-svxa-7cfb-uyba
Aliases: CVE-2022-26662 GHSA-pm3h-mm62-pwm8 PYSEC-2022-43171 |
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zpha-95r9-ybca
Aliases: CVE-2025-66424 GHSA-2w93-qwpp-vgvj |
trytond does not enforce access rights for data export Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-01T09:14:04.758937+00:00 | GitLab Importer | Affected by | VCID-gcmg-p94p-ebes | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/trytond/CVE-2025-66423.yml | 38.6.0 |
| 2026-06-01T09:14:00.849679+00:00 | GitLab Importer | Affected by | VCID-bt9e-28y7-efh3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/trytond/CVE-2025-66422.yml | 38.6.0 |
| 2026-06-01T09:13:53.678138+00:00 | GitLab Importer | Affected by | VCID-zpha-95r9-ybca | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/trytond/CVE-2025-66424.yml | 38.6.0 |
| 2026-06-01T06:32:29.148876+00:00 | GitLab Importer | Affected by | VCID-4nwz-9kv7-nkat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/trytond/CVE-2022-26661.yml | 38.6.0 |
| 2026-06-01T06:32:26.654869+00:00 | GitLab Importer | Affected by | VCID-svxa-7cfb-uyba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/trytond/CVE-2022-26662.yml | 38.6.0 |