Search for packages
| purl | pkg:pypi/wiki@0.2.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6u9s-bafm-6kaa
Aliases: CVE-2021-25986 GHSA-3m3h-v9hv-9j4h PYSEC-2021-850 |
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript. |
Affected by 1 other vulnerability. |
|
VCID-pvrm-ufp9-k3dn
Aliases: CVE-2024-28865 GHSA-wj85-w4f4-xh8h |
Denial of service via regular expression All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-01T07:56:12.193300+00:00 | GitLab Importer | Affected by | VCID-pvrm-ufp9-k3dn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/wiki/CVE-2024-28865.yml | 38.6.0 |
| 2026-06-01T06:23:27.068371+00:00 | GitLab Importer | Affected by | VCID-6u9s-bafm-6kaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/wiki/CVE-2021-25986.yml | 38.6.0 |
| 2026-05-31T09:43:32.523264+00:00 | PyPI Importer | Affected by | VCID-6u9s-bafm-6kaa | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-05-30T20:29:04.108120+00:00 | Pypa Importer | Affected by | VCID-6u9s-bafm-6kaa | https://github.com/pypa/advisory-database/blob/main/vulns/wiki/PYSEC-2021-850.yaml | 38.6.0 |