Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/wagtail@6.1.3
Typepypi
Namespace
Namewagtail
Version6.1.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.0.7
Latest_non_vulnerable_version7.3.2
Affected_by_vulnerabilities
0
url VCID-7uqp-knu1-sybq
vulnerability_id VCID-7uqp-knu1-sybq
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10234
published_at 2026-06-11T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11872
published_at 2026-06-14T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11895
published_at 2026-06-13T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11896
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-146.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-146.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
4
reference_url https://github.com/advisories/GHSA-c6wj-9vcj-75pj
reference_id GHSA-c6wj-9vcj-75pj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6wj-9vcj-75pj
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
reference_id GHSA-c6wj-9vcj-75pj
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T17:52:47Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44197, GHSA-c6wj-9vcj-75pj, PYSEC-2026-146
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7uqp-knu1-sybq
1
url VCID-feyw-n44z-cuc9
vulnerability_id VCID-feyw-n44z-cuc9
summary Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the "Translate" action, causes arbitrary JavaScript code to run. This could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28223
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13925
published_at 2026-06-11T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.14014
published_at 2026-06-14T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.1404
published_at 2026-06-13T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.14042
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28223
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863
reference_id 1c6f2effed68f4ccad6fbd07987e03641505f863
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863
3
reference_url https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19
reference_id ba70244d376a7b1bd180ded03e827917ff410c19
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28223
reference_id CVE-2026-28223
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28223
5
reference_url https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c
reference_id d8c5900982df8ed5938ad993aa9ff69cda50f80c
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c
6
reference_url https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143
reference_id ee39d39deeb7f250fe886417b24802d7e05b1143
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143
7
reference_url https://github.com/advisories/GHSA-p4v8-rw59-93cq
reference_id GHSA-p4v8-rw59-93cq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p4v8-rw59-93cq
8
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq
reference_id GHSA-p4v8-rw59-93cq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
reference_id v6.3.8
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
10
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
reference_id v7.0.6
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
11
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
reference_id v7.2.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
12
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
reference_id v7.3.1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
fixed_packages
0
url pkg:pypi/wagtail@6.3.8
purl pkg:pypi/wagtail@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.8
1
url pkg:pypi/wagtail@7.0.6
purl pkg:pypi/wagtail@7.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.6
2
url pkg:pypi/wagtail@7.2.3
purl pkg:pypi/wagtail@7.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3
3
url pkg:pypi/wagtail@7.3.1
purl pkg:pypi/wagtail@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1
aliases CVE-2026-28223, GHSA-p4v8-rw59-93cq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-feyw-n44z-cuc9
2
url VCID-mcfk-qckt-eug8
vulnerability_id VCID-mcfk-qckt-eug8
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02019
published_at 2026-06-11T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02545
published_at 2026-06-13T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02554
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-150.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-150.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
4
reference_url https://github.com/advisories/GHSA-p5gm-92h4-6pv6
reference_id GHSA-p5gm-92h4-6pv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5gm-92h4-6pv6
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
reference_id GHSA-p5gm-92h4-6pv6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:45:22Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44201, GHSA-p5gm-92h4-6pv6, PYSEC-2026-150
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcfk-qckt-eug8
3
url VCID-r4v4-7425-yqgd
vulnerability_id VCID-r4v4-7425-yqgd
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09019
published_at 2026-06-11T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10546
published_at 2026-06-14T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10571
published_at 2026-06-13T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.1057
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-147.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-147.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
4
reference_url https://github.com/advisories/GHSA-c4mr-889m-vgf6
reference_id GHSA-c4mr-889m-vgf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4mr-889m-vgf6
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
reference_id GHSA-c4mr-889m-vgf6
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:53:32Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44198, GHSA-c4mr-889m-vgf6, PYSEC-2026-147
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4v4-7425-yqgd
4
url VCID-t8am-3wuh-6ka2
vulnerability_id VCID-t8am-3wuh-6ka2
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08198
published_at 2026-06-11T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09612
published_at 2026-06-12T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.096
published_at 2026-06-14T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.0961
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-149.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-149.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
4
reference_url https://github.com/advisories/GHSA-67rv-mg8q-5pf3
reference_id GHSA-67rv-mg8q-5pf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67rv-mg8q-5pf3
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
reference_id GHSA-67rv-mg8q-5pf3
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:54:04Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44200, GHSA-67rv-mg8q-5pf3, PYSEC-2026-149
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8am-3wuh-6ka2
5
url VCID-w5jh-4xaa-qyg2
vulnerability_id VCID-w5jh-4xaa-qyg2
summary Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock StreamField blocks is able to set specially-crafted class attributes on the block which run arbitrary JavaScript code when the page is viewed. When viewed by a user with higher privileges, this could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites using TableBlock. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28222
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29493
published_at 2026-06-11T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29692
published_at 2026-06-14T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29708
published_at 2026-06-13T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.2969
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28222
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d
reference_id 0375094bb57ce6e527005c2bb2e871dd20bca04d
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d
3
reference_url https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e
reference_id 4620423cb22c5253391a0f04178089c1162f6e2e
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e
4
reference_url https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85
reference_id 575c0d7c18c7716ed73f7a3c2720ad75956f0a85
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85
5
reference_url https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b
reference_id 605a5569686565e035313222e1bc2f9802fbc55b
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28222
reference_id CVE-2026-28222
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28222
7
reference_url https://github.com/advisories/GHSA-p5cm-246w-84jm
reference_id GHSA-p5cm-246w-84jm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5cm-246w-84jm
8
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm
reference_id GHSA-p5cm-246w-84jm
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
reference_id v6.3.8
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
10
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
reference_id v7.0.6
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
11
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
reference_id v7.2.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
12
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
reference_id v7.3.1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
fixed_packages
0
url pkg:pypi/wagtail@6.3.8
purl pkg:pypi/wagtail@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.8
1
url pkg:pypi/wagtail@7.0.6
purl pkg:pypi/wagtail@7.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.6
2
url pkg:pypi/wagtail@7.2.3
purl pkg:pypi/wagtail@7.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3
3
url pkg:pypi/wagtail@7.3.1
purl pkg:pypi/wagtail@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1
aliases CVE-2026-28222, GHSA-p5cm-246w-84jm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5jh-4xaa-qyg2
6
url VCID-wwur-1fuu-yka1
vulnerability_id VCID-wwur-1fuu-yka1
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09491
published_at 2026-06-11T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11052
published_at 2026-06-14T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11085
published_at 2026-06-13T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.1109
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-148.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-148.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
4
reference_url https://github.com/advisories/GHSA-pwm3-7fv4-g6xx
reference_id GHSA-pwm3-7fv4-g6xx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pwm3-7fv4-g6xx
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
reference_id GHSA-pwm3-7fv4-g6xx
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:22:48Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44199, GHSA-pwm3-7fv4-g6xx, PYSEC-2026-148
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwur-1fuu-yka1
7
url VCID-yu3w-ev5z-uuhc
vulnerability_id VCID-yu3w-ev5z-uuhc
summary Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data of the user's choosing. The existing data of the object itself is not exposed, but depending on the nature of the template being rendered, this may expose other database contents that would otherwise only be accessible to users with edit access over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25517
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.02997
published_at 2026-06-11T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03005
published_at 2026-06-14T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.02994
published_at 2026-06-13T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03009
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25517
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.3.6
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v6.3.6
3
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.0.4
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.0.4
4
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.1.3
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.1.3
5
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.2.2
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.2.2
6
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.3
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.3
7
reference_url https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719
reference_id 01fd3477365a193e6a8270311defb76e890d2719
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719
8
reference_url https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f
reference_id 5f09b6da61e779b0e8499bdbba52bf2f7bd3241f
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f
9
reference_url https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190
reference_id 73f070dbefbd3b39ea6649ce36bd2d2a6eef2190
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190
10
reference_url https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915
reference_id 7dfe8de5f8b3f112c73c87b6729197db16454915
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25517
reference_id CVE-2026-25517
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25517
12
reference_url https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03
reference_id dd824023a031f1b82a6b6f83a97a5c73391b7c03
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03
13
reference_url https://github.com/advisories/GHSA-4qvv-g3vr-m348
reference_id GHSA-4qvv-g3vr-m348
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4qvv-g3vr-m348
14
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348
reference_id GHSA-4qvv-g3vr-m348
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348
fixed_packages
0
url pkg:pypi/wagtail@6.3.6
purl pkg:pypi/wagtail@6.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.6
1
url pkg:pypi/wagtail@7.0.4
purl pkg:pypi/wagtail@7.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.4
2
url pkg:pypi/wagtail@7.1.3
purl pkg:pypi/wagtail@7.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.1.3
3
url pkg:pypi/wagtail@7.2.2
purl pkg:pypi/wagtail@7.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.2
4
url pkg:pypi/wagtail@7.3
purl pkg:pypi/wagtail@7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3
aliases CVE-2026-25517, GHSA-4qvv-g3vr-m348
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yu3w-ev5z-uuhc
Fixing_vulnerabilities
0
url VCID-gmht-envk-pbd8
vulnerability_id VCID-gmht-envk-pbd8
summary Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39317
reference_id
reference_type
scores
0
value 0.00329
scoring_system epss
scoring_elements 0.56412
published_at 2026-06-13T12:55:00Z
1
value 0.00329
scoring_system epss
scoring_elements 0.564
published_at 2026-06-14T12:55:00Z
2
value 0.00329
scoring_system epss
scoring_elements 0.56397
published_at 2026-06-12T12:55:00Z
3
value 0.00329
scoring_system epss
scoring_elements 0.56278
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39317
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2024-86.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2024-86.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2
reference_id 31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/
url https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2
4
reference_url https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797
reference_id 3c941136f79c48446e3858df46e5b668d7f83797
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/
url https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797
5
reference_url https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2
reference_id b783c096b6d4fd2cfc05f9137a0be288850e99a2
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/
url https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39317
reference_id CVE-2024-39317
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39317
7
reference_url https://github.com/advisories/GHSA-jmp3-39vp-fwg8
reference_id GHSA-jmp3-39vp-fwg8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmp3-39vp-fwg8
8
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8
reference_id GHSA-jmp3-39vp-fwg8
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8
fixed_packages
0
url pkg:pypi/wagtail@5.2.6
purl pkg:pypi/wagtail@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
7
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.2.6
1
url pkg:pypi/wagtail@6.0rc1
purl pkg:pypi/wagtail@6.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-mcfk-qckt-eug8
4
vulnerability VCID-r4v4-7425-yqgd
5
vulnerability VCID-t8am-3wuh-6ka2
6
vulnerability VCID-w5jh-4xaa-qyg2
7
vulnerability VCID-wwur-1fuu-yka1
8
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0rc1
2
url pkg:pypi/wagtail@6.0.6
purl pkg:pypi/wagtail@6.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
7
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0.6
3
url pkg:pypi/wagtail@6.1rc1
purl pkg:pypi/wagtail@6.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-mcfk-qckt-eug8
4
vulnerability VCID-r4v4-7425-yqgd
5
vulnerability VCID-t8am-3wuh-6ka2
6
vulnerability VCID-w5jh-4xaa-qyg2
7
vulnerability VCID-wwur-1fuu-yka1
8
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.1rc1
4
url pkg:pypi/wagtail@6.1.3
purl pkg:pypi/wagtail@6.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
7
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.1.3
aliases CVE-2024-39317, GHSA-jmp3-39vp-fwg8, PYSEC-2024-86
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmht-envk-pbd8
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.1.3