{"url":"http://public2.vulnerablecode.io/api/packages/32381?format=json","purl":"pkg:pypi/weblate@4.14","type":"pypi","namespace":"","name":"weblate","version":"4.14","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.12","latest_non_vulnerable_version":"2026.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82706?format=json","vulnerability_id":"VCID-13gh-1j1y-pud2","summary":"Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24126","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02104","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02101","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24126"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17722","reference_id":"17722","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T17:13:05Z/"}],"url":"https://github.com/WeblateOrg/weblate
/pull/17722"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/78773cc141ce0a97900c11341e6cf856451395fd","reference_id":"78773cc141ce0a97900c11341e6cf856451395fd","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T17:13:05Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/78773cc141ce0a97900c11341e6cf856451395fd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24126","reference_id":"CVE-2026-24126","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24126"},{"reference_url":"https://github.com/advisories/GHSA-33fm-6gp7-4p47","reference_id":"GHSA-33fm-6gp7-4p47","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-33fm-6gp7-4p47"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-33fm-6gp7-4p47","reference_id":"GHSA-33fm-6gp7-4p47","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T17:13:05Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-33fm-6gp7-4p47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39198?format=json","purl":"pkg:pypi/w
eblate@5.16.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/92243?format=json","purl":"pkg:pypi/weblate@5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.16"}],"aliases":["CVE-2026-24126","GHSA-33fm-6gp7-4p47"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13gh-1j1y-pud2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90812?format=json","vulnerability_id":"VCID-27fd-5u31-q7ft","summary":"Weblate is a web based localization tool. In versions 5.14 and below,  Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. 
This issue is fixed in version 5.14.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64326","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09976","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10443","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64326"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-230.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-230.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/b847e9756a0a6f7659ef20fa9f34846ca862c574","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate/commit/b847e9756a0a6f7659ef20fa9f34846ca862c574"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/16781","reference_id":"16781","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T21:17:50Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/16781"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64326","reference_id":"CVE-2025-64326","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64326"},{"reference_url":"https://github.com/advisories/GHSA-gr35-vpx2-qxhc","reference_id":"GHSA-gr35-vpx2-qxhc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gr35-vpx2-qxhc"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc","reference_id":"GHSA-gr35-vpx2-qxhc","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T21:17:50Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gr35-vpx2-qxhc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35024?format=json","purl":"pkg:pypi/weblate@5.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-849m-3c8x-z3dv"},
{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-nvm6-6nvn-vqff"},{"vulnerability":"VCID-r36u-2h85-23b2"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{"vulnerability":"VCID-rfk6-ty49-f3ft"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-uctk-5p7z-cug3"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"},{"vulnerability":"VCID-zzf6-uufj-3kap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.14.1"}],"aliases":["CVE-2025-64326","GHSA-gr35-vpx2-qxhc","PYSEC-2025-126","PYSEC-2025-230"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27fd-5u31-q7ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28217?format=json","vulnerability_id":"VCID-3nnm-5hms-ufb2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33212","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0151","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01514","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33212"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"",
"reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18515","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate/pull/18515"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33212","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33212"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/4e06b12cd05d087db68384e09d5f70fe883f2b70","reference_id":"4e06b12cd05d087db68384e09d5f70fe883f2b70","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:08:54Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/4e06b12cd05d087db68384e09d5f70fe883f2b70"},{"reference_url":"https://github.com/advisories/GHSA-vj45-x3pj-f4w4","reference_id":"GHSA-vj45-x3pj-f4w4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vj45-x3pj-f4w4"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vj45-x3pj-f4w4","reference_id":"GHSA-vj45-x3pj-f4w4","reference_type":"","scores":[{"va
lue":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:08:54Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vj45-x3pj-f4w4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}],"aliases":["CVE-2026-33212","GHSA-vj45-x3pj-f4w4"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3nnm-5hms-ufb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46448?format=json","vulnerability_id":"VCID-6fdw-htq7-1ffz","summary":"Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. 
As a workaround, do not allow untrusted users to create projects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39303","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63535","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63433","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39303"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd","reference_id":"b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T20:50:23Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39303","reference_id":"CVE-2024-39303","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/U
I:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39303"},{"reference_url":"https://github.com/advisories/GHSA-jfgp-674x-6q4p","reference_id":"GHSA-jfgp-674x-6q4p","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfgp-674x-6q4p"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p","reference_id":"GHSA-jfgp-674x-6q4p","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T20:50:23Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32382?format=json","purl":"pkg:pypi/weblate@5.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-27fd-5u31-q7ft"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-849m-3c8x-z3dv"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-dyct-cymv-e3fe"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-nvm6-6nvn-vqff"},{"vulnerability":"VCID-r36u-2h85-23b2"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{
"vulnerability":"VCID-rfk6-ty49-f3ft"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-uams-vzmg-aubk"},{"vulnerability":"VCID-uctk-5p7z-cug3"},{"vulnerability":"VCID-uw48-rjjk-tbc1"},{"vulnerability":"VCID-veas-z52g-z7ap"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"},{"vulnerability":"VCID-zzf6-uufj-3kap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.6.2"}],"aliases":["CVE-2024-39303","GHSA-jfgp-674x-6q4p"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fdw-htq7-1ffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28505?format=json","vulnerability_id":"VCID-7uky-8ks8-8kg1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39845","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01239","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01235","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-156.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"htt
ps://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-156.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39845","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39845"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18815","reference_id":"18815","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:37:00Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/18815"},{"reference_url":"https://github.com/advisories/GHSA-f8hv-g549-hwg2","reference_id":"GHSA-f8hv-g549-hwg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f8hv-g549-hwg2"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2","reference_id":"GHSA-f8hv-g549-hwg2","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_sys
tem":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:37:00Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}],"aliases":["CVE-2026-39845","GHSA-f8hv-g549-hwg2","PYSEC-2026-156"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uky-8ks8-8kg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28337?format=json","vulnerability_id":"VCID-7xdv-rje4-bfh5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34393","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03643","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03659","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34393"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-155.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"ge
neric_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-155.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34393","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34393"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18687","reference_id":"18687","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T18:38:44Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/18687"},{"reference_url":"https://github.com/advisories/GHSA-3382-gw9x-477v","reference_id":"GHSA-3382-gw9x-477v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3382-gw9x-477v"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3382-gw9x-477v","reference_id":"GHSA-3382-gw9x-477v","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"va
lue":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T18:38:44Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3382-gw9x-477v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}],"aliases":["CVE-2026-34393","GHSA-3382-gw9x-477v","PYSEC-2026-155"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xdv-rje4-bfh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90814?format=json","vulnerability_id":"VCID-849m-3c8x-z3dv","summary":"Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15 contains a patch. 
As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64725","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0236","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02363","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64725"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/02e904675f0608a6bbfbf9466eeccd9d022591e9","reference_id":"02e904675f0608a6bbfbf9466eeccd9d022591e9","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:55:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/02e904675f0608a6bbfbf9466eeccd9d022591e9"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/16913","reference_id":"16913","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_sys
tem":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:55:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/16913"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64725","reference_id":"CVE-2025-64725","reference_type":"","scores":[{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64725"},{"reference_url":"https://github.com/advisories/GHSA-m6hq-f4w9-qrjj","reference_id":"GHSA-m6hq-f4w9-qrjj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6hq-f4w9-qrjj"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m6hq-f4w9-qrjj","reference_id":"GHSA-m6hq-f4w9-qrjj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:55:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m6hq-f4w9-qrjj"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15","reference_id":"weblate-5.15","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L
/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:55:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36215?format=json","purl":"pkg:pypi/weblate@5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{"vulnerability":"VCID-rfk6-ty49-f3ft"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-uctk-5p7z-cug3"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15"}],"aliases":["CVE-2025-64725","GHSA-m6hq-f4w9-qrjj"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-849m-3c8x-z3dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27520?format=json","vulnerability_id":"VCID-8znh-acd2-53bm","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27457","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10938","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11","published_at":"2026-06
-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27457"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18107","reference_id":"18107","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/18107"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18164","reference_id":"18164","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/18164"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/3f58f9a4152bc0cbdd6eff5954f9c7bc4d9f0af9","reference_id":"3f58f9a4152bc0cbdd6eff5954f9c7bc4d9f0af9","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/P
R:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/3f58f9a4152bc0cbdd6eff5954f9c7bc4d9f0af9"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/7802c9b121eb407c48d4adddd4f2458fb3efef0f","reference_id":"7802c9b121eb407c48d4adddd4f2458fb3efef0f","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/7802c9b121eb407c48d4adddd4f2458fb3efef0f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27457","reference_id":"CVE-2026-27457","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27457"},{"reference_url":"https://github.com/advisories/GHSA-wppc-7cq7-cgfv","reference_id":"GHSA-wppc-7cq7-cgfv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wppc-7cq7-cgfv"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-wppc-7cq7-cgfv","reference_id":"GHSA-wppc-7cq7-cgfv","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"T
rack","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-wppc-7cq7-cgfv"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.16.1","reference_id":"weblate-5.16.1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T01:39:25Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.16.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39919?format=json","purl":"pkg:pypi/weblate@5.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.16.1"}],"aliases":["CVE-2026-27457","GHSA-wppc-7cq7-cgfv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8znh-acd2-53bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67962?format=json","vulnerability_id":"VCID-am2b-ejeh-n3gt","summary":"Weblate is a web based localization tool. 
Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44263","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01345","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44263"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44263","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44263"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/19258","reference_id":"19258","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:59:57Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/19258"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/6cf892c7bd50b667a65a99d716a90694f7d9f203","reference_id":"6cf892c7bd50b667a65a99d716a90694f7d9f203","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/
A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:59:57Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/6cf892c7bd50b667a65a99d716a90694f7d9f203"},{"reference_url":"https://github.com/advisories/GHSA-gcg5-86jr-f7jg","reference_id":"GHSA-gcg5-86jr-f7jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcg5-86jr-f7jg"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gcg5-86jr-f7jg","reference_id":"GHSA-gcg5-86jr-f7jg","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:59:57Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gcg5-86jr-f7jg"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1","reference_id":"weblate-5.17.1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:59:57Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373571?format=json","purl":"pkg:pypi/weblate@5.17.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.1"}]
,"aliases":["CVE-2026-44263","GHSA-gcg5-86jr-f7jg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am2b-ejeh-n3gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28325?format=json","vulnerability_id":"VCID-bxuh-n3fj-ffga","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34242","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04427","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04428","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34242"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34242","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34242"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3","reference_id":"5db3a2a2e047ecaab627a8731cd744a30b2f51d3","reference_type":"","scores":[{"value":"7.7","scoring_sy
stem":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:37:49Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3"},{"reference_url":"https://github.com/advisories/GHSA-hv99-mxm5-q397","reference_id":"GHSA-hv99-mxm5-q397","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hv99-mxm5-q397"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397","reference_id":"GHSA-hv99-mxm5-q397","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:37:49Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}],"aliases":["CVE-2026-34242","GHSA-hv99-mxm5-q397"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxuh-n3fj-ffga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28223?format=json","vulnerability_id":"VCID-dfsk-f
6ch-hqcn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33220","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0452","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04527","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-153.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-153.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33220","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33220"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18516","reference_id":"18516",
"reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:48Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/18516"},{"reference_url":"https://github.com/advisories/GHSA-mqph-7h49-hqfm","reference_id":"GHSA-mqph-7h49-hqfm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqph-7h49-hqfm"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mqph-7h49-hqfm","reference_id":"GHSA-mqph-7h49-hqfm","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:48Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mqph-7h49-hqfm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}],"aliases":["CVE-2026-33220","GHSA-mqph-7h49-hqfm","PYSEC-2026-153"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfsk-f6ch-hqcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilitie
s/28218?format=json","vulnerability_id":"VCID-dsmf-fhrh-ukh3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33214","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01482","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01484","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33214"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-152.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-152.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33214","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33214"},{"reference_url":"https://github.com/W
eblateOrg/weblate/pull/18513","reference_id":"18513","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:31:35Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/18513"},{"reference_url":"https://github.com/advisories/GHSA-mpf5-3vph-q75r","reference_id":"GHSA-mpf5-3vph-q75r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpf5-3vph-q75r"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r","reference_id":"GHSA-mpf5-3vph-q75r","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:31:35Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}],"aliases":["CVE-2026-33214","GHSA-mpf5-3vph-q75r","PYSEC-2026-152"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsmf-fhrh-ukh3"},{"url"
:"http://public2.vulnerablecode.io/api/vulnerabilities/114417?format=json","vulnerability_id":"VCID-dyct-cymv-e3fe","summary":"Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the confidential PAT and username are shown in plaintext and get saved into browser history. Moreover, if the request URL is logged, the credentials are written to logs in plaintext. If using Weblate official Docker image, nginx logs the URL and the token in plaintext. This issue is patched in version 5.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32021","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49786","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49649","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32021"},{"reference_url":"https://github.com/advisories/GHSA-m67m-3p5g-cw9j","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/advisories/GHSA-m67m-3p5g-cw9j"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32021","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CV
SS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32021"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m67m-3p5g-cw9j","reference_id":"GHSA-m67m-3p5g-cw9j","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:40:58Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m67m-3p5g-cw9j"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.11","reference_id":"weblate-5.11","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:40:58Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87459?format=json","purl":"pkg:pypi/weblate@5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-27fd-5u31-q7ft"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-849m-3c8x-z3dv"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-f
fga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-nvm6-6nvn-vqff"},{"vulnerability":"VCID-r36u-2h85-23b2"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{"vulnerability":"VCID-rfk6-ty49-f3ft"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-uams-vzmg-aubk"},{"vulnerability":"VCID-uctk-5p7z-cug3"},{"vulnerability":"VCID-uw48-rjjk-tbc1"},{"vulnerability":"VCID-veas-z52g-z7ap"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"},{"vulnerability":"VCID-zzf6-uufj-3kap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.11"}],"aliases":["CVE-2025-32021","GHSA-m67m-3p5g-cw9j","PYSEC-2025-35"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyct-cymv-e3fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28250?format=json","vulnerability_id":"VCID-fp81-5b87-j7ax","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33440","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01405","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01408","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33440"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type
":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18550","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate/pull/18550"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33440","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33440"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/8be80625a864c8db5854503872a65e8a0b7399a6","reference_id":"8be80625a864c8db5854503872a65e8a0b7399a6","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:49:07Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/8be80625a864c8db5854503872a65e8a0b7399a6"},{"reference_url":"https://github.com/advisories/GHSA-5fhx-9jwj-867m","reference_id":"GHSA-5fhx-9jwj-867m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fhx-9jwj-867m"},{"reference_url":"https://github.com/WeblateOrg/we
blate/security/advisories/GHSA-5fhx-9jwj-867m","reference_id":"GHSA-5fhx-9jwj-867m","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:49:07Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5fhx-9jwj-867m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}],"aliases":["CVE-2026-33440","GHSA-5fhx-9jwj-867m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fp81-5b87-j7ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95116?format=json","vulnerability_id":"VCID-nvm6-6nvn-vqff","summary":"Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is not validated or sanitized, allowing an attacker to supply arbitrary protocols, hostnames, and IP addresses, including localhost, internal network addresses, and local filenames. 
When the Mercurial version control system is selected, Weblate exposes the full server-side HTTP response for the provided URL. This effectively creates a server-side request forgery (SSRF) primitive that can probe internal services and return their contents. In addition to accessing internal HTTP endpoints, the behavior also enables local file enumeration by attempting file:// requests. While file contents may not always be returned, the application’s error messages clearly differentiate between files that exist and files that do not, revealing information about the server’s filesystem layout. In cloud environments, this behavior is particularly dangerous, as internal-only endpoints such as cloud metadata services may be accessible, potentially leading to credential disclosure and full environment compromise. This has been addressed in the Weblate 5.15 release. As a workaround, remove Mercurial from `VCS_BACKENDS`; the Git backend is not affected. The Git backend was already configured to block the file protocol and does not expose the HTTP response content in the error 
message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66407","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06069","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06046","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66407"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-231.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-231.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17102","reference_id":"17102","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:07:51Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/17102"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17103","reference_id":"17103","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N
/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:07:51Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/17103"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66407","reference_id":"CVE-2025-66407","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66407"},{"reference_url":"https://github.com/advisories/GHSA-hfpv-mc5v-p9mm","reference_id":"GHSA-hfpv-mc5v-p9mm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hfpv-mc5v-p9mm"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hfpv-mc5v-p9mm","reference_id":"GHSA-hfpv-mc5v-p9mm","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:07:51Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hfpv-mc5v-p9mm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36215?format=json","purl":"pkg:pypi/weblate@5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2
"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{"vulnerability":"VCID-rfk6-ty49-f3ft"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-uctk-5p7z-cug3"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15"}],"aliases":["CVE-2025-66407","GHSA-hfpv-mc5v-p9mm","PYSEC-2025-231"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvm6-6nvn-vqff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109177?format=json","vulnerability_id":"VCID-r36u-2h85-23b2","summary":"Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. 
As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67492","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05367","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67492"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-232.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-232.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17221","reference_id":"17221","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:13:36Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/17221"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67492","reference_id":"CVE-2025-67492","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:
N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67492"},{"reference_url":"https://github.com/advisories/GHSA-pj86-258h-qrvf","reference_id":"GHSA-pj86-258h-qrvf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj86-258h-qrvf"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-pj86-258h-qrvf","reference_id":"GHSA-pj86-258h-qrvf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T19:13:36Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-pj86-258h-qrvf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36215?format=json","purl":"pkg:pypi/weblate@5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{"vulnerability":"VCID-rfk6-ty49-f3ft"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-uctk-5p7z-cug3"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"}],"res
ource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15"},{"url":"http://public2.vulnerablecode.io/api/packages/396946?format=json","purl":"pkg:pypi/weblate@5.15.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.0"}],"aliases":["CVE-2025-67492","GHSA-pj86-258h-qrvf","PYSEC-2025-232"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r36u-2h85-23b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74232?format=json","vulnerability_id":"VCID-rauj-hjbg-j7b4","summary":"Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21889","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0872","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16322","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21889"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17516","reference_id":"17516","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW",
"scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T16:58:27Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/17516"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/a6eb5fd0299780eca286be8ff187dc2d10feec47","reference_id":"a6eb5fd0299780eca286be8ff187dc2d10feec47","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T16:58:27Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/a6eb5fd0299780eca286be8ff187dc2d10feec47"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21889","reference_id":"CVE-2026-21889","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21889"},{"reference_url":"https://github.com/advisories/GHSA-3g2f-4rjg-9385","reference_id":"GHSA-3g2f-4rjg-9385","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3g2f-4rjg-9385"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3g2f-4rjg-9385","reference_id":"GHSA-3g2f-4rjg-9385","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E
:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T16:58:27Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3g2f-4rjg-9385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37746?format=json","purl":"pkg:pypi/weblate@5.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.2"}],"aliases":["CVE-2026-21889","GHSA-3g2f-4rjg-9385"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rauj-hjbg-j7b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93260?format=json","vulnerability_id":"VCID-rfk6-ty49-f3ft","summary":"Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. 
Version 5.15.1 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68398","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48397","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48534","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68398"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17330","reference_id":"17330","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/17330"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17345","reference_id":"17345","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/17345"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4","reference_id":"4837a4154390f7c1d03c0e398aa6439dcfa361b4","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvs
sv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68398","reference_id":"CVE-2025-68398","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68398"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7","reference_id":"dd8c9d7b00eebe28770fa0e2cd96126791765ea7","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7"},{"reference_url":"https://github.com/advisories/GHSA-8vcg-cfxj-p5m3","reference_id":"GHSA-8vcg-cfxj-p5m3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8vcg-cfxj-p5m3"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3","reference_id":"GHSA-8vcg-cfxj-p5m3","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"gene
ric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1","reference_id":"weblate-5.15.1","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-19T14:58:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36296?format=json","purl":"pkg:pypi/weblate@5.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.1"}],"aliases":["CVE-2025-68398","GHSA-8vcg-cfxj-p5m3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfk6-ty49-f3ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28540?format=json
","vulnerability_id":"VCID-rywq-qyvb-8fcg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40256","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05719","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05744","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40256"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18847","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate/pull/18847"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40256","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40256"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/e30dbcb33ae78e754ecef192d54f996b89cb4e15","reference_id":"e30dbcb33ae78e
754ecef192d54f996b89cb4e15","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:10:48Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/e30dbcb33ae78e754ecef192d54f996b89cb4e15"},{"reference_url":"https://github.com/advisories/GHSA-ffgh-3jrf-8wvh","reference_id":"GHSA-ffgh-3jrf-8wvh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffgh-3jrf-8wvh"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-ffgh-3jrf-8wvh","reference_id":"GHSA-ffgh-3jrf-8wvh","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:10:48Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-ffgh-3jrf-8wvh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}]
,"aliases":["CVE-2026-40256","GHSA-ffgh-3jrf-8wvh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rywq-qyvb-8fcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28249?format=json","vulnerability_id":"VCID-rzfg-uyxe-xyhd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33435","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29593","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.2979","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33435"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-154.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-154.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33435","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system"
:"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33435"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18549","reference_id":"18549","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T18:40:18Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/18549"},{"reference_url":"https://github.com/advisories/GHSA-558g-h753-6m33","reference_id":"GHSA-558g-h753-6m33","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-558g-h753-6m33"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-558g-h753-6m33","reference_id":"GHSA-558g-h753-6m33","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T18:40:18Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-558g-h753-6m33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"
VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}],"aliases":["CVE-2026-33435","GHSA-558g-h753-6m33","PYSEC-2026-154"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzfg-uyxe-xyhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80685?format=json","vulnerability_id":"VCID-se5h-tu1z-1ybv","summary":"Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via \"cycle_session_keys()\", but DRF API tokens (\"wlu_*\" prefix) stored in \"authtoken_token\" are not revoked. This issue has been patched in version 5.17.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41519","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01161","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01162","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41519"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41519","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026
-41519"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/19057","reference_id":"19057","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:45:16Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/19057"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/649a2da81700542f95c0807b3c625fc3bb0eaf95","reference_id":"649a2da81700542f95c0807b3c625fc3bb0eaf95","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:45:16Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/649a2da81700542f95c0807b3c625fc3bb0eaf95"},{"reference_url":"https://github.com/advisories/GHSA-6j8j-4qp3-36p2","reference_id":"GHSA-6j8j-4qp3-36p2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6j8j-4qp3-36p2"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6j8j-4qp3-36p2","reference_id":"GHSA-6j8j-4qp3-36p2","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:45:16Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6j8j-4qp3-36p2"},{"
reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1","reference_id":"weblate-5.17.1","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:45:16Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373571?format=json","purl":"pkg:pypi/weblate@5.17.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.1"}],"aliases":["CVE-2026-41519","GHSA-6j8j-4qp3-36p2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-se5h-tu1z-1ybv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67706?format=json","vulnerability_id":"VCID-ttsu-s5sc-47f1","summary":"Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. 
This issue has been patched in version 5.17.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44264","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01876","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01875","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44264"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44264","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44264"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/19259","reference_id":"19259","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T15:04:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/19259"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/85abc9df88b7464f4c0e794aef752e45f4230f75","reference_id":"85abc9df88b7464f4c0e794aef752e45f4230f75","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"
generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T15:04:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/85abc9df88b7464f4c0e794aef752e45f4230f75"},{"reference_url":"https://github.com/advisories/GHSA-5cmv-3rc4-7279","reference_id":"GHSA-5cmv-3rc4-7279","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cmv-3rc4-7279"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5cmv-3rc4-7279","reference_id":"GHSA-5cmv-3rc4-7279","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T15:04:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5cmv-3rc4-7279"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1","reference_id":"weblate-5.17.1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T15:04:31Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373571?format=json","purl":"pkg:pypi/weblate@5.17.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.1"}],"aliases":["CVE-2026-44264","GHSA-5cmv-3rc4
-7279"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttsu-s5sc-47f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/119668?format=json","vulnerability_id":"VCID-uams-vzmg-aubk","summary":"Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47951","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42356","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42191","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47951"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47951","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47951"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/14918","reference_id":"14918","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"gene
ric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/14918"},{"reference_url":"https://hackerone.com/reports/3150564","reference_id":"3150564","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/"}],"url":"https://hackerone.com/reports/3150564"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384","reference_id":"f806293451248c5d95e45b3b507e9d158bc4f384","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384"},{"reference_url":"https://github.com/advisories/GHSA-57jg-m997-cx3q","reference_id":"GHSA-57jg-m997-cx3q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-57jg-m997-cx3q"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q","reference_id":"GHSA-57jg-m997-cx3q","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/"}],"url":"https://github.com/WeblateOrg/weblate/secur
ity/advisories/GHSA-57jg-m997-cx3q"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1","reference_id":"weblate-5.12.1","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:49:15Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378727?format=json","purl":"pkg:pypi/weblate@5.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.12"}],"aliases":["CVE-2025-47951","GHSA-57jg-m997-cx3q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uams-vzmg-aubk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93427?format=json","vulnerability_id":"VCID-uctk-5p7z-cug3","summary":"Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. 
Version 5.15.1 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68279","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18642","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1848","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68279"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17331","reference_id":"17331","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:01:48Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/17331"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17356","reference_id":"17356","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:01:48Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/17356"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68279","reference_id":"CVE-2025-68279","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"v
alue":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68279"},{"reference_url":"https://github.com/advisories/GHSA-g925-f788-4jh7","reference_id":"GHSA-g925-f788-4jh7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g925-f788-4jh7"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7","reference_id":"GHSA-g925-f788-4jh7","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:01:48Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-g925-f788-4jh7"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1","reference_id":"weblate-5.15.1","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:01:48Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36296?format=json","purl":"pkg:pypi/weblate@5.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ff
ga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.1"}],"aliases":["CVE-2025-68279","GHSA-g925-f788-4jh7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uctk-5p7z-cug3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25469?format=json","vulnerability_id":"VCID-uw48-rjjk-tbc1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49134","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55753","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55874","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49134"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"
https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49134","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49134"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/020b2905e4d001cff2452574d10e6cf3621b5f62","reference_id":"020b2905e4d001cff2452574d10e6cf3621b5f62","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:04:17Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/020b2905e4d001cff2452574d10e6cf3621b5f62"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/15102","reference_id":"15102","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:04:17Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/15102"},{"reference_url":"https://github.com/advisories/GHSA-4qqf-9m5c-w2c5","reference_id":"GHSA-4qqf-9m5c-w2c5","reference_type":"","scores":[],"url":"htt
ps://github.com/advisories/GHSA-4qqf-9m5c-w2c5"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-4qqf-9m5c-w2c5","reference_id":"GHSA-4qqf-9m5c-w2c5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:04:17Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-4qqf-9m5c-w2c5"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1","reference_id":"weblate-5.12.1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:04:17Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378727?format=json","purl":"pkg:pypi/weblate@5.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.12"}],"aliases":["CVE-2025-49134","GHSA-4qqf-9m5c-w2c5"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uw48-rjjk-tbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93892?format=json","vulnerability_id":"VCID-veas-z52g-z7ap","summary":"Weblate is a web 
based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58352","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20179","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20356","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58352"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58352","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58352"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/0b46fe596231dd456283ead66699ae5516f23908","reference_id":"0b46fe596231dd456283ead66699ae5516f23908","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:17:51Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/0b46fe59623
1dd456283ead66699ae5516f23908"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/16002","reference_id":"16002","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:17:51Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/16002"},{"reference_url":"https://github.com/advisories/GHSA-377j-wj38-4728","reference_id":"GHSA-377j-wj38-4728","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-377j-wj38-4728"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728","reference_id":"GHSA-377j-wj38-4728","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:17:51Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-377j-wj38-4728"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89166?format=json","purl":"pkg:pypi/weblate@5.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-27fd-5u31-q7ft"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-849m-3c8x-z3dv"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-nvm6-6nvn-vqff"},{"
vulnerability":"VCID-r36u-2h85-23b2"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{"vulnerability":"VCID-rfk6-ty49-f3ft"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-uctk-5p7z-cug3"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"},{"vulnerability":"VCID-zzf6-uufj-3kap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.13.1"}],"aliases":["CVE-2025-58352","GHSA-377j-wj38-4728"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-veas-z52g-z7ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81121?format=json","vulnerability_id":"VCID-wkpe-cvt3-w3d4","summary":"Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/<name>.json contains an attacker-chosen repo URL pointing at a private address (e.g. http://127.0.0.1:9999/) or using a non-allow-listed scheme (e.g. file://, git://). Weblate persists the component via Component.objects.bulk_create([component])[0], which bypasses Django's full_clean() and therefore never runs the validate_repo_url validator. The URL is subsequently written verbatim into .git/config by configure_repo(pull=False). 
This issue has been patched in version 5.17.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41654","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07282","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07323","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41654"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41654","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41654"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/19061","reference_id":"19061","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/19061"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/19062","reference_id":"19062","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"gene
ric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/19062"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/e1eff1f517c1ee315d69581910baaabb724e5ef0","reference_id":"e1eff1f517c1ee315d69581910baaabb724e5ef0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/e1eff1f517c1ee315d69581910baaabb724e5ef0"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/e4b67a76d95d5165ecb9937f7485fd79223b7f14","reference_id":"e4b67a76d95d5165ecb9937f7485fd79223b7f14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/e4b67a76d95d5165ecb9937f7485fd79223b7f14"},{"reference_url":"https://github.com/advisories/GHSA-cwcx-382v-8m9g","reference_id":"GHSA-cwcx-382v-8m9g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwcx-382v-8m9g"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-cwcx-382v-8m9g","reference_id":"GHSA-cwcx-382v-8m9g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring
_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-cwcx-382v-8m9g"},{"reference_url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1","reference_id":"weblate-5.17.1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:23:34Z/"}],"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373571?format=json","purl":"pkg:pypi/weblate@5.17.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17.1"}],"aliases":["CVE-2026-41654","GHSA-cwcx-382v-8m9g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkpe-cvt3-w3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28326?format=json","vulnerability_id":"VCID-ynw1-ttb5-4ydn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34244","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01405","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01408","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34244"},{"reference_url":"https://ftp.suse.com/pub/projects/security/ya
ml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/18684","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate/pull/18684"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34244","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34244"},{"reference_url":"https://github.com/WeblateOrg/weblate/commit/e619e9090202e4886b844c110d39308e7e882c0e","reference_id":"e619e9090202e4886b844c110d39308e7e882c0e","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:49:58Z/"}],"url":"https://github.com/WeblateOrg/weblate/commit/e619e909020
2e4886b844c110d39308e7e882c0e"},{"reference_url":"https://github.com/advisories/GHSA-xrwr-fcw6-fmq8","reference_id":"GHSA-xrwr-fcw6-fmq8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrwr-fcw6-fmq8"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-xrwr-fcw6-fmq8","reference_id":"GHSA-xrwr-fcw6-fmq8","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T18:49:58Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-xrwr-fcw6-fmq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92245?format=json","purl":"pkg:pypi/weblate@5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.17"}],"aliases":["CVE-2026-34244","GHSA-xrwr-fcw6-fmq8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ynw1-ttb5-4ydn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109005?format=json","vulnerability_id":"VCID-zzf6-uufj-3kap","summary":"Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. 
Version 5.15 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67715","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01726","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01722","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67715"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-233.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-233.yaml"},{"reference_url":"https://github.com/WeblateOrg/weblate","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/weblate"},{"reference_url":"https://github.com/WeblateOrg/weblate/pull/17256","reference_id":"17256","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-16T14:36:56Z/"}],"url":"https://github.com/WeblateOrg/weblate/pull/17256"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67715","reference_id":"CVE-2025-67715","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"gener
ic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67715"},{"reference_url":"https://github.com/advisories/GHSA-3pmh-24wp-xpf4","reference_id":"GHSA-3pmh-24wp-xpf4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3pmh-24wp-xpf4"},{"reference_url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3pmh-24wp-xpf4","reference_id":"GHSA-3pmh-24wp-xpf4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-16T14:36:56Z/"}],"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3pmh-24wp-xpf4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36215?format=json","purl":"pkg:pypi/weblate@5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gh-1j1y-pud2"},{"vulnerability":"VCID-3nnm-5hms-ufb2"},{"vulnerability":"VCID-7uky-8ks8-8kg1"},{"vulnerability":"VCID-7xdv-rje4-bfh5"},{"vulnerability":"VCID-8znh-acd2-53bm"},{"vulnerability":"VCID-am2b-ejeh-n3gt"},{"vulnerability":"VCID-bxuh-n3fj-ffga"},{"vulnerability":"VCID-dfsk-f6ch-hqcn"},{"vulnerability":"VCID-dsmf-fhrh-ukh3"},{"vulnerability":"VCID-fp81-5b87-j7ax"},{"vulnerability":"VCID-rauj-hjbg-j7b4"},{"vulnerability":"VCID-rfk6-ty49-f3ft"},{"vulnerability":"VCID-rywq-qyvb-8fcg"},{"vulnerability":"VCID-rzfg-uyxe-xyhd"},{"vulnerability":"VCID-se5h-tu1z-1ybv"},{"vulnerability":"VCID-ttsu-s5sc-47f1"},{"vulnerability":"VCID-uctk-5p7z-cug3"},{"vulnerability":"VCID-wkpe-cvt3-w3d4"},{"vulnerability":"VCID-ynw1-ttb5-4ydn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/
weblate@5.15"},{"url":"http://public2.vulnerablecode.io/api/packages/396946?format=json","purl":"pkg:pypi/weblate@5.15.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@5.15.0"}],"aliases":["CVE-2025-67715","GHSA-3pmh-24wp-xpf4","PYSEC-2025-233"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zzf6-uufj-3kap"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/weblate@4.14"}