{"url":"http://public2.vulnerablecode.io/api/packages/49188?format=json","purl":"pkg:pypi/wagtail@7.2","type":"pypi","namespace":"","name":"wagtail","version":"7.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.3.2","latest_non_vulnerable_version":"7.3.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9658?format=json","vulnerability_id":"VCID-12d4-1bj5-2yb5","summary":"Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44199","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09514","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44199"},{"reference_url":"https://github.com/wagtail/wagtail","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail"},{"reference_url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:22:48Z/"}],"url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44199","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44199"},{"reference_url":"https://github.com/advisories/GHSA-pwm3-7fv4-g6xx","reference_id":"GHSA-pwm3-7fv4-g6xx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pwm3-7fv4-g6xx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49196?format=json","purl":"pkg:pypi/wagtail@7.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2"}],"aliases":["CVE-2026-44199","GHSA-pwm3-7fv4-g6xx","PYSEC-2026-148"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12d4-1bj5-2yb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22374?format=json","vulnerability_id":"VCID-1dyp-u5tf-mqhh","summary":"Wagtail has improper permission handling on admin preview endpoints\nDue to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data of the user's choosing. The existing data of the object itself is not exposed, but depending on the nature of the template being rendered, this may expose other database contents that would otherwise only be accessible to users with edit access over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25517","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02431","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25517"},{"reference_url":"https://github.com/wagtail/wagtail","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail"},{"reference_url":"https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/"}],"url":"https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719"},{"reference_url":"https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/"}],"url":"https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f"},{"reference_url":"https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/"}],"url":"https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190"},{"reference_url":"https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/"}],"url":"https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915"},{"reference_url":"https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/"}],"url":"https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v6.3.6","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail/releases/tag/v6.3.6"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.0.4","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.0.4"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.1.3","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.1.3"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.2.2","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.2.2"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.3","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25517","reference_id":"CVE-2026-25517","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25517"},{"reference_url":"https://github.com/advisories/GHSA-4qvv-g3vr-m348","reference_id":"GHSA-4qvv-g3vr-m348","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qvv-g3vr-m348"},{"reference_url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348","reference_id":"GHSA-4qvv-g3vr-m348","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/"}],"url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49190?format=json","purl":"pkg:pypi/wagtail@7.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12d4-1bj5-2yb5"},{"vulnerability":"VCID-2upt-d3sg-ebea"},{"vulnerability":"VCID-5p3e-kwee-ukfr"},{"vulnerability":"VCID-672q-fuy3-yqd1"},{"vulnerability":"VCID-prth-nf4k-nqe5"},{"vulnerability":"VCID-qf1m-zu2w-dbds"},{"vulnerability":"VCID-yvjp-hx9y-mkgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/49193?format=json","purl":"pkg:pypi/wagtail@7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12d4-1bj5-2yb5"},{"vulnerability":"VCID-2upt-d3sg-ebea"},{"vulnerability":"VCID-5p3e-kwee-ukfr"},{"vulnerability":"VCID-672q-fuy3-yqd1"},{"vulnerability":"VCID-prth-nf4k-nqe5"},{"vulnerability":"VCID-qf1m-zu2w-dbds"},{"vulnerability":"VCID-yvjp-hx9y-mkgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3"}],"aliases":["CVE-2026-25517","GHSA-4qvv-g3vr-m348"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dyp-u5tf-mqhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9657?format=json","vulnerability_id":"VCID-2upt-d3sg-ebea","summary":"Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44198","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09075","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44198"},{"reference_url":"https://github.com/wagtail/wagtail","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail"},{"reference_url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:53:32Z/"}],"url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44198","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44198"},{"reference_url":"https://github.com/advisories/GHSA-c4mr-889m-vgf6","reference_id":"GHSA-c4mr-889m-vgf6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4mr-889m-vgf6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49196?format=json","purl":"pkg:pypi/wagtail@7.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2"}],"aliases":["CVE-2026-44198","GHSA-c4mr-889m-vgf6","PYSEC-2026-147"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2upt-d3sg-ebea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9656?format=json","vulnerability_id":"VCID-5p3e-kwee-ukfr","summary":"Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44197","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10242","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44197"},{"reference_url":"https://github.com/wagtail/wagtail","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail"},{"reference_url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T17:52:47Z/"}],"url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44197","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44197"},{"reference_url":"https://github.com/advisories/GHSA-c6wj-9vcj-75pj","reference_id":"GHSA-c6wj-9vcj-75pj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6wj-9vcj-75pj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49196?format=json","purl":"pkg:pypi/wagtail@7.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2"}],"aliases":["CVE-2026-44197","GHSA-c6wj-9vcj-75pj","PYSEC-2026-146"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p3e-kwee-ukfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22963?format=json","vulnerability_id":"VCID-672q-fuy3-yqd1","summary":"Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface\nA stored Cross-site Scripting (XSS) vulnerability exists on confirmation messages within the `wagtail.contrib.simple_translation` module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the \"Translate\" action, causes arbitrary JavaScript code to run. This could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28223","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1391","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28223"},{"reference_url":"https://github.com/wagtail/wagtail","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail"},{"reference_url":"https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/"}],"url":"https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863"},{"reference_url":"https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/"}],"url":"https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19"},{"reference_url":"https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/"}],"url":"https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c"},{"reference_url":"https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/"}],"url":"https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v6.3.8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/"}],"url":"https://github.com/wagtail/wagtail/releases/tag/v6.3.8"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/"}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.0.6"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.2.3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/"}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.2.3"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.3.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/"}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.3.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28223","reference_id":"CVE-2026-28223","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28223"},{"reference_url":"https://github.com/advisories/GHSA-p4v8-rw59-93cq","reference_id":"GHSA-p4v8-rw59-93cq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p4v8-rw59-93cq"},{"reference_url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq","reference_id":"GHSA-p4v8-rw59-93cq","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/"}],"url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49191?format=json","purl":"pkg:pypi/wagtail@7.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12d4-1bj5-2yb5"},{"vulnerability":"VCID-2upt-d3sg-ebea"},{"vulnerability":"VCID-5p3e-kwee-ukfr"},{"vulnerability":"VCID-qf1m-zu2w-dbds"},{"vulnerability":"VCID-yvjp-hx9y-mkgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/49194?format=json","purl":"pkg:pypi/wagtail@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12d4-1bj5-2yb5"},{"vulnerability":"VCID-2upt-d3sg-ebea"},{"vulnerability":"VCID-5p3e-kwee-ukfr"},{"vulnerability":"VCID-qf1m-zu2w-dbds"},{"vulnerability":"VCID-yvjp-hx9y-mkgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1"}],"aliases":["CVE-2026-28223","GHSA-p4v8-rw59-93cq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-672q-fuy3-yqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22964?format=json","vulnerability_id":"VCID-prth-nf4k-nqe5","summary":"Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes\nA stored Cross-site Scripting (XSS) vulnerability exists on rendering `TableBlock` blocks within a StreamField. A user with access to create or edit pages containing `TableBlock` StreamField blocks is able to set specially-crafted `class` attributes on the block which run arbitrary JavaScript code when the page is viewed. When viewed by a user with higher privileges, this could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites using TableBlock.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28222","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29604","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28222"},{"reference_url":"https://github.com/wagtail/wagtail","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail"},{"reference_url":"https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/"}],"url":"https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d"},{"reference_url":"https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/"}],"url":"https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e"},{"reference_url":"https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/"}],"url":"https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85"},{"reference_url":"https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/"}],"url":"https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v6.3.8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/"}],"url":"https://github.com/wagtail/wagtail/releases/tag/v6.3.8"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/"}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.0.6"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.2.3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/"}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.2.3"},{"reference_url":"https://github.com/wagtail/wagtail/releases/tag/v7.3.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/"}],"url":"https://github.com/wagtail/wagtail/releases/tag/v7.3.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28222","reference_id":"CVE-2026-28222","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28222"},{"reference_url":"https://github.com/advisories/GHSA-p5cm-246w-84jm","reference_id":"GHSA-p5cm-246w-84jm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p5cm-246w-84jm"},{"reference_url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm","reference_id":"GHSA-p5cm-246w-84jm","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/"}],"url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49191?format=json","purl":"pkg:pypi/wagtail@7.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12d4-1bj5-2yb5"},{"vulnerability":"VCID-2upt-d3sg-ebea"},{"vulnerability":"VCID-5p3e-kwee-ukfr"},{"vulnerability":"VCID-qf1m-zu2w-dbds"},{"vulnerability":"VCID-yvjp-hx9y-mkgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/49194?format=json","purl":"pkg:pypi/wagtail@7.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12d4-1bj5-2yb5"},{"vulnerability":"VCID-2upt-d3sg-ebea"},{"vulnerability":"VCID-5p3e-kwee-ukfr"},{"vulnerability":"VCID-qf1m-zu2w-dbds"},{"vulnerability":"VCID-yvjp-hx9y-mkgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1"}],"aliases":["CVE-2026-28222","GHSA-p5cm-246w-84jm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prth-nf4k-nqe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9660?format=json","vulnerability_id":"VCID-qf1m-zu2w-dbds","summary":"Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44201","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02074","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44201"},{"reference_url":"https://github.com/wagtail/wagtail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail"},{"reference_url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:45:22Z/"}],"url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44201","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44201"},{"reference_url":"https://github.com/advisories/GHSA-p5gm-92h4-6pv6","reference_id":"GHSA-p5gm-92h4-6pv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p5gm-92h4-6pv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49196?format=json","purl":"pkg:pypi/wagtail@7.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2"}],"aliases":["CVE-2026-44201","GHSA-p5gm-92h4-6pv6","PYSEC-2026-150"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qf1m-zu2w-dbds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9659?format=json","vulnerability_id":"VCID-yvjp-hx9y-mkgf","summary":"Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44200","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08279","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44200"},{"reference_url":"https://github.com/wagtail/wagtail","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wagtail/wagtail"},{"reference_url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:54:04Z/"}],"url":"https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44200","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44200"},{"reference_url":"https://github.com/advisories/GHSA-67rv-mg8q-5pf3","reference_id":"GHSA-67rv-mg8q-5pf3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-67rv-mg8q-5pf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49196?format=json","purl":"pkg:pypi/wagtail@7.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2"}],"aliases":["CVE-2026-44200","GHSA-67rv-mg8q-5pf3","PYSEC-2026-149"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvjp-hx9y-mkgf"}],"fixing_vulnerabilities":[],"risk_score":"3.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2"}