Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/wagtail-2fa@0.0.1

Type pypi

Namespace

Name wagtail-2fa

Version 0.0.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.4.1

Latest_non_vulnerable_version 1.4.1

Affected_by_vulnerabilities

url VCID-9d3c-awdc-v3dq

vulnerability_id VCID-9d3c-awdc-v3dq

summary 2FA bypass through deleting devices in wagtail-2fa

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5240

reference_id

reference_type

scores

value	0.00166
scoring_system	epss
scoring_elements	0.37695
published_at	2026-06-12T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37517
published_at	2026-06-11T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37706
published_at	2026-06-14T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37718
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5240

reference_url

https://github.com/labd/wagtail-2fa

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

value	6.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/labd/wagtail-2fa

reference_url

https://github.com/labd/wagtail-2fa/commit/ac23550d33b7436e90e3beea904647907eba5b74

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

value	6.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/labd/wagtail-2fa/commit/ac23550d33b7436e90e3beea904647907eba5b74

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/wagtail-2fa/PYSEC-2020-219.yaml

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

value	6.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/wagtail-2fa/PYSEC-2020-219.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5240

reference_id

CVE-2020-5240

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

value	6.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5240

reference_url

https://github.com/advisories/GHSA-9gjv-6qq6-v7qm

reference_id

GHSA-9gjv-6qq6-v7qm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9gjv-6qq6-v7qm

reference_url

https://github.com/labd/wagtail-2fa/security/advisories/GHSA-9gjv-6qq6-v7qm

reference_id

GHSA-9gjv-6qq6-v7qm

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/labd/wagtail-2fa/security/advisories/GHSA-9gjv-6qq6-v7qm

fixed_packages

url	pkg:pypi/wagtail-2fa@1.4.1
purl	pkg:pypi/wagtail-2fa@1.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@1.4.1

aliases CVE-2020-5240, GHSA-9gjv-6qq6-v7qm, PYSEC-2020-219

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9d3c-awdc-v3dq

url VCID-gy5m-jsus-e3hv

vulnerability_id VCID-gy5m-jsus-e3hv

summary 2FA bypass in Wagtail through new device path

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16766

reference_id

reference_type

scores

value	0.00162
scoring_system	epss
scoring_elements	0.37087
published_at	2026-06-13T12:55:00Z

value	0.00162
scoring_system	epss
scoring_elements	0.36883
published_at	2026-06-11T12:55:00Z

value	0.00162
scoring_system	epss
scoring_elements	0.37061
published_at	2026-06-12T12:55:00Z

value	0.00162
scoring_system	epss
scoring_elements	0.37072
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16766

reference_url

https://github.com/labd/wagtail-2fa

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/labd/wagtail-2fa

reference_url

https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca

reference_url

https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81

reference_url	https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm
reference_id
reference_type
scores
url	https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/wagtail-2fa/PYSEC-2019-135.yaml

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/wagtail-2fa/PYSEC-2019-135.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16766

reference_id

CVE-2019-16766

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16766

reference_url

https://github.com/advisories/GHSA-89px-ww3j-g2mm

reference_id

GHSA-89px-ww3j-g2mm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-89px-ww3j-g2mm

reference_url

https://github.com/labd/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm

reference_id

GHSA-89px-ww3j-g2mm

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/labd/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm

fixed_packages

url pkg:pypi/wagtail-2fa@1.3.0

purl pkg:pypi/wagtail-2fa@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9d3c-awdc-v3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@1.3.0

aliases CVE-2019-16766, GHSA-89px-ww3j-g2mm, PYSEC-2019-135

risk_score 3.9

exploitability 0.5

weighted_severity 7.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gy5m-jsus-e3hv

url VCID-h32t-bmzf-j3h2

vulnerability_id VCID-h32t-bmzf-j3h2

summary When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.

references

reference_url	https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca
reference_id
reference_type
scores
url	https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca

reference_url	https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81
reference_id
reference_type
scores
url	https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81

reference_url	https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm
reference_id
reference_type
scores
url	https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm

fixed_packages

url pkg:pypi/wagtail-2fa@1.3.0

purl pkg:pypi/wagtail-2fa@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9d3c-awdc-v3dq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@1.3.0

aliases PYSEC-2019-65

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h32t-bmzf-j3h2

Fixing_vulnerabilities

Risk_score 3.9

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@0.0.1

Package Instance