Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/wagtail@1.12.6
Type pypi
Namespace
Name wagtail
Version 1.12.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.0.7
Latest_non_vulnerable_version 7.3.2
Affected_by_vulnerabilities
0
url VCID-7uqp-knu1-sybq
vulnerability_id VCID-7uqp-knu1-sybq
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10234
published_at 2026-06-11T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11895
published_at 2026-06-13T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11896
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-146.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-146.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
4
reference_url https://github.com/advisories/GHSA-c6wj-9vcj-75pj
reference_id GHSA-c6wj-9vcj-75pj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6wj-9vcj-75pj
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
reference_id GHSA-c6wj-9vcj-75pj
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T17:52:47Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44197, GHSA-c6wj-9vcj-75pj, PYSEC-2026-146
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7uqp-knu1-sybq
1
url VCID-feyw-n44z-cuc9
vulnerability_id VCID-feyw-n44z-cuc9
summary Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the "Translate" action, causes arbitrary JavaScript code to run. This could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28223
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13925
published_at 2026-06-11T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.1404
published_at 2026-06-13T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.14042
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28223
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863
reference_id 1c6f2effed68f4ccad6fbd07987e03641505f863
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863
3
reference_url https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19
reference_id ba70244d376a7b1bd180ded03e827917ff410c19
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28223
reference_id CVE-2026-28223
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28223
5
reference_url https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c
reference_id d8c5900982df8ed5938ad993aa9ff69cda50f80c
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c
6
reference_url https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143
reference_id ee39d39deeb7f250fe886417b24802d7e05b1143
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143
7
reference_url https://github.com/advisories/GHSA-p4v8-rw59-93cq
reference_id GHSA-p4v8-rw59-93cq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p4v8-rw59-93cq
8
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq
reference_id GHSA-p4v8-rw59-93cq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
reference_id v6.3.8
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
10
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
reference_id v7.0.6
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
11
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
reference_id v7.2.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
12
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
reference_id v7.3.1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
fixed_packages
0
url pkg:pypi/wagtail@6.3.8
purl pkg:pypi/wagtail@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.8
1
url pkg:pypi/wagtail@7.0.6
purl pkg:pypi/wagtail@7.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.6
2
url pkg:pypi/wagtail@7.2.3
purl pkg:pypi/wagtail@7.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3
3
url pkg:pypi/wagtail@7.3.1
purl pkg:pypi/wagtail@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1
aliases CVE-2026-28223, GHSA-p4v8-rw59-93cq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-feyw-n44z-cuc9
2
url VCID-kqwq-kfbc-p3gk
vulnerability_id VCID-kqwq-kfbc-p3gk
summary Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45809
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.46291
published_at 2026-06-13T12:55:00Z
1
value 0.00232
scoring_system epss
scoring_elements 0.46135
published_at 2026-06-11T12:55:00Z
2
value 0.00232
scoring_system epss
scoring_elements 0.46279
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45809
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
4
reference_url https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
5
reference_url https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
6
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v4.1.9
7
reference_url https://github.com/wagtail/wagtail/releases/tag/v5.0.5
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v5.0.5
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v5.1.3
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v5.1.3
9
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45809
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45809
11
reference_url https://github.com/advisories/GHSA-fc75-58r8-rm3h
reference_id GHSA-fc75-58r8-rm3h
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fc75-58r8-rm3h
fixed_packages
0
url pkg:pypi/wagtail@4.1.9
purl pkg:pypi/wagtail@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-mcfk-qckt-eug8
4
vulnerability VCID-r4v4-7425-yqgd
5
vulnerability VCID-t8am-3wuh-6ka2
6
vulnerability VCID-w5jh-4xaa-qyg2
7
vulnerability VCID-wwur-1fuu-yka1
8
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.9
1
url pkg:pypi/wagtail@4.2rc1
purl pkg:pypi/wagtail@4.2rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-mcfk-qckt-eug8
4
vulnerability VCID-pdza-s2q4-cbe2
5
vulnerability VCID-r4v4-7425-yqgd
6
vulnerability VCID-t8am-3wuh-6ka2
7
vulnerability VCID-w5jh-4xaa-qyg2
8
vulnerability VCID-wwur-1fuu-yka1
9
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2rc1
2
url pkg:pypi/wagtail@5.0.5
purl pkg:pypi/wagtail@5.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-mcfk-qckt-eug8
4
vulnerability VCID-r4v4-7425-yqgd
5
vulnerability VCID-t8am-3wuh-6ka2
6
vulnerability VCID-w5jh-4xaa-qyg2
7
vulnerability VCID-wwur-1fuu-yka1
8
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.0.5
3
url pkg:pypi/wagtail@5.1rc1
purl pkg:pypi/wagtail@5.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-mcfk-qckt-eug8
4
vulnerability VCID-r4v4-7425-yqgd
5
vulnerability VCID-t8am-3wuh-6ka2
6
vulnerability VCID-w5jh-4xaa-qyg2
7
vulnerability VCID-wwur-1fuu-yka1
8
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.1rc1
4
url pkg:pypi/wagtail@5.1.3
purl pkg:pypi/wagtail@5.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-mcfk-qckt-eug8
4
vulnerability VCID-r4v4-7425-yqgd
5
vulnerability VCID-t8am-3wuh-6ka2
6
vulnerability VCID-w5jh-4xaa-qyg2
7
vulnerability VCID-wwur-1fuu-yka1
8
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.1.3
aliases CVE-2023-45809, GHSA-fc75-58r8-rm3h, PYSEC-2023-219
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqwq-kfbc-p3gk
3
url VCID-mcfk-qckt-eug8
vulnerability_id VCID-mcfk-qckt-eug8
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02019
published_at 2026-06-11T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02545
published_at 2026-06-13T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02554
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-150.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-150.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
4
reference_url https://github.com/advisories/GHSA-p5gm-92h4-6pv6
reference_id GHSA-p5gm-92h4-6pv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5gm-92h4-6pv6
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
reference_id GHSA-p5gm-92h4-6pv6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:45:22Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44201, GHSA-p5gm-92h4-6pv6, PYSEC-2026-150
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcfk-qckt-eug8
4
url VCID-n376-vr5v-c7hh
vulnerability_id VCID-n376-vr5v-c7hh
summary Potential Observable Timing Discrepancy in Wagtail
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11037
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16874
published_at 2026-06-12T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16724
published_at 2026-06-11T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16888
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11037
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-153.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-153.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf
4
reference_url https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090
5
reference_url https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11
6
reference_url https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11037
reference_id CVE-2020-11037
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11037
8
reference_url https://github.com/advisories/GHSA-jjjr-3jcw-f8v6
reference_id GHSA-jjjr-3jcw-f8v6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjjr-3jcw-f8v6
9
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6
reference_id GHSA-jjjr-3jcw-f8v6
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6
fixed_packages
0
url pkg:pypi/wagtail@2.7.3
purl pkg:pypi/wagtail@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-rvs7-5u4q-gyfz
8
vulnerability VCID-sgr3-pxdc-p7fa
9
vulnerability VCID-t8am-3wuh-6ka2
10
vulnerability VCID-tprz-998x-rfch
11
vulnerability VCID-w5jh-4xaa-qyg2
12
vulnerability VCID-wwur-1fuu-yka1
13
vulnerability VCID-yu3w-ev5z-uuhc
14
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.7.3
1
url pkg:pypi/wagtail@2.8.2
purl pkg:pypi/wagtail@2.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-rvs7-5u4q-gyfz
8
vulnerability VCID-sgr3-pxdc-p7fa
9
vulnerability VCID-t8am-3wuh-6ka2
10
vulnerability VCID-tprz-998x-rfch
11
vulnerability VCID-w5jh-4xaa-qyg2
12
vulnerability VCID-wwur-1fuu-yka1
13
vulnerability VCID-yu3w-ev5z-uuhc
14
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.8.2
2
url pkg:pypi/wagtail@2.9
purl pkg:pypi/wagtail@2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-rvs7-5u4q-gyfz
8
vulnerability VCID-sgr3-pxdc-p7fa
9
vulnerability VCID-t8am-3wuh-6ka2
10
vulnerability VCID-tprz-998x-rfch
11
vulnerability VCID-w5jh-4xaa-qyg2
12
vulnerability VCID-wwur-1fuu-yka1
13
vulnerability VCID-yu3w-ev5z-uuhc
14
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.9
aliases CVE-2020-11037, GHSA-jjjr-3jcw-f8v6, PYSEC-2020-153
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n376-vr5v-c7hh
5
url VCID-pdza-s2q4-cbe2
vulnerability_id VCID-pdza-s2q4-cbe2
summary Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the "Choose a parent page" ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28836
reference_id
reference_type
scores
0
value 0.01096
scoring_system epss
scoring_elements 0.7841
published_at 2026-06-11T12:55:00Z
1
value 0.01096
scoring_system epss
scoring_elements 0.78492
published_at 2026-06-13T12:55:00Z
2
value 0.01096
scoring_system epss
scoring_elements 0.78478
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28836
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-55.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-55.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28836
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28836
4
reference_url https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62
reference_id 5be2b1ed55fd7259dfdf2c82e7701dba407b8b62
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62
5
reference_url https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713
reference_id bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713
6
reference_url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview
reference_id chooseparentview.html#customising-chooseparentview
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview
7
reference_url https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af
reference_id eefc3381d37b476791610e5d30594fae443f33af
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af
8
reference_url https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91
reference_id ff806ab173a504395fdfb3139eb0a29444ab4b91
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91
9
reference_url https://github.com/advisories/GHSA-5286-f2rf-35c2
reference_id GHSA-5286-f2rf-35c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5286-f2rf-35c2
10
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2
reference_id GHSA-5286-f2rf-35c2
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2
11
reference_url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview
reference_id inspectview.html#enabling-customising-inspectview
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview
12
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
reference_id v4.2.2
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
fixed_packages
0
url pkg:pypi/wagtail@4.1.4
purl pkg:pypi/wagtail@4.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-r4v4-7425-yqgd
6
vulnerability VCID-t8am-3wuh-6ka2
7
vulnerability VCID-w5jh-4xaa-qyg2
8
vulnerability VCID-wwur-1fuu-yka1
9
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.4
1
url pkg:pypi/wagtail@4.2rc1
purl pkg:pypi/wagtail@4.2rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-mcfk-qckt-eug8
4
vulnerability VCID-pdza-s2q4-cbe2
5
vulnerability VCID-r4v4-7425-yqgd
6
vulnerability VCID-t8am-3wuh-6ka2
7
vulnerability VCID-w5jh-4xaa-qyg2
8
vulnerability VCID-wwur-1fuu-yka1
9
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2rc1
2
url pkg:pypi/wagtail@4.2.2
purl pkg:pypi/wagtail@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-r4v4-7425-yqgd
6
vulnerability VCID-t8am-3wuh-6ka2
7
vulnerability VCID-w5jh-4xaa-qyg2
8
vulnerability VCID-wwur-1fuu-yka1
9
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.2
aliases CVE-2023-28836, GHSA-5286-f2rf-35c2, PYSEC-2023-55
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdza-s2q4-cbe2
6
url VCID-r4v4-7425-yqgd
vulnerability_id VCID-r4v4-7425-yqgd
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09019
published_at 2026-06-11T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10571
published_at 2026-06-13T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.1057
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-147.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-147.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
4
reference_url https://github.com/advisories/GHSA-c4mr-889m-vgf6
reference_id GHSA-c4mr-889m-vgf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4mr-889m-vgf6
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
reference_id GHSA-c4mr-889m-vgf6
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:53:32Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44198, GHSA-c4mr-889m-vgf6, PYSEC-2026-147
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4v4-7425-yqgd
7
url VCID-rvs7-5u4q-gyfz
vulnerability_id VCID-rvs7-5u4q-gyfz
summary Cross-Site Scripting in Wagtail
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15118
reference_id
reference_type
scores
0
value 0.00595
scoring_system epss
scoring_elements 0.69908
published_at 2026-06-13T12:55:00Z
1
value 0.00595
scoring_system epss
scoring_elements 0.69802
published_at 2026-06-11T12:55:00Z
2
value 0.00595
scoring_system epss
scoring_elements 0.69893
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15118
1
reference_url https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text
2
reference_url https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-154.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-154.yaml
4
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
5
reference_url https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst
6
reference_url https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15118
reference_id CVE-2020-15118
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15118
8
reference_url https://github.com/advisories/GHSA-2473-9hgq-j7xw
reference_id GHSA-2473-9hgq-j7xw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2473-9hgq-j7xw
9
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw
reference_id GHSA-2473-9hgq-j7xw
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw
fixed_packages
0
url pkg:pypi/wagtail@2.7.4
purl pkg:pypi/wagtail@2.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-sgr3-pxdc-p7fa
8
vulnerability VCID-t8am-3wuh-6ka2
9
vulnerability VCID-tprz-998x-rfch
10
vulnerability VCID-w5jh-4xaa-qyg2
11
vulnerability VCID-wwur-1fuu-yka1
12
vulnerability VCID-yu3w-ev5z-uuhc
13
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.7.4
1
url pkg:pypi/wagtail@2.9.3
purl pkg:pypi/wagtail@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-sgr3-pxdc-p7fa
8
vulnerability VCID-t8am-3wuh-6ka2
9
vulnerability VCID-tprz-998x-rfch
10
vulnerability VCID-w5jh-4xaa-qyg2
11
vulnerability VCID-wwur-1fuu-yka1
12
vulnerability VCID-yu3w-ev5z-uuhc
13
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.9.3
aliases CVE-2020-15118, GHSA-2473-9hgq-j7xw, PYSEC-2020-154
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvs7-5u4q-gyfz
8
url VCID-sgr3-pxdc-p7fa
vulnerability_id VCID-sgr3-pxdc-p7fa
summary Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29434
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.51046
published_at 2026-06-11T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.51176
published_at 2026-06-12T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.51191
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29434
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-114.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-114.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/5c7a60977cba478f6a35390ba98cffc2bd41c8a4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/5c7a60977cba478f6a35390ba98cffc2bd41c8a4
4
reference_url https://github.com/wagtail/wagtail/commit/915f6ed2bd7d53154103cc4424a0f18695cdad6c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/915f6ed2bd7d53154103cc4424a0f18695cdad6c
5
reference_url https://github.com/wagtail/wagtail/compare/v2.11.6...v2.11.7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/compare/v2.11.6...v2.11.7
6
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29434
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29434
8
reference_url https://pypi.org/project/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/wagtail
9
reference_url https://pypi.org/project/wagtail/
reference_id
reference_type
scores
url https://pypi.org/project/wagtail/
10
reference_url https://github.com/advisories/GHSA-wq5h-f9p5-q7fx
reference_id GHSA-wq5h-f9p5-q7fx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wq5h-f9p5-q7fx
fixed_packages
0
url pkg:pypi/wagtail@2.11.6
purl pkg:pypi/wagtail@2.11.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-sgr3-pxdc-p7fa
8
vulnerability VCID-t8am-3wuh-6ka2
9
vulnerability VCID-tprz-998x-rfch
10
vulnerability VCID-w5jh-4xaa-qyg2
11
vulnerability VCID-wwur-1fuu-yka1
12
vulnerability VCID-yu3w-ev5z-uuhc
13
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.6
1
url pkg:pypi/wagtail@2.11.7
purl pkg:pypi/wagtail@2.11.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-t8am-3wuh-6ka2
8
vulnerability VCID-tprz-998x-rfch
9
vulnerability VCID-w5jh-4xaa-qyg2
10
vulnerability VCID-wwur-1fuu-yka1
11
vulnerability VCID-yu3w-ev5z-uuhc
12
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.7
2
url pkg:pypi/wagtail@2.12.4
purl pkg:pypi/wagtail@2.12.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-t8am-3wuh-6ka2
8
vulnerability VCID-tprz-998x-rfch
9
vulnerability VCID-w5jh-4xaa-qyg2
10
vulnerability VCID-wwur-1fuu-yka1
11
vulnerability VCID-yu3w-ev5z-uuhc
12
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12.4
aliases CVE-2021-29434, GHSA-wq5h-f9p5-q7fx, PYSEC-2021-114
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgr3-pxdc-p7fa
9
url VCID-t8am-3wuh-6ka2
vulnerability_id VCID-t8am-3wuh-6ka2
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to into an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08198
published_at 2026-06-11T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09612
published_at 2026-06-12T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.0961
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-149.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-149.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
4
reference_url https://github.com/advisories/GHSA-67rv-mg8q-5pf3
reference_id GHSA-67rv-mg8q-5pf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67rv-mg8q-5pf3
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
reference_id GHSA-67rv-mg8q-5pf3
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:54:04Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44200, GHSA-67rv-mg8q-5pf3, PYSEC-2026-149
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8am-3wuh-6ka2
10
url VCID-tprz-998x-rfch
vulnerability_id VCID-tprz-998x-rfch
summary
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash or denial of service.

The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents.

Image uploads are restricted to 10MB by default; however, this validation only happens on the frontend and on the backend after the vulnerable code.

Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28837
reference_id
reference_type
scores
0
value 0.013
scoring_system epss
scoring_elements 0.80208
published_at 2026-06-12T12:55:00Z
1
value 0.013
scoring_system epss
scoring_elements 0.80223
published_at 2026-06-13T12:55:00Z
2
value 0.013
scoring_system epss
scoring_elements 0.80146
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28837
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28837
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28837
4
reference_url https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880
reference_id 3c0c64642b9e5b8d28b111263c7f4bddad6c3880
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880
5
reference_url https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165
reference_id c9d2fcd650a88d76ae122646142245e5927a9165
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165
6
reference_url https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
reference_id cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
7
reference_url https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a
reference_id d4022310cbe497993459c3136311467c7ac6329a
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a
8
reference_url https://github.com/advisories/GHSA-33pv-vcgh-jfg9
reference_id GHSA-33pv-vcgh-jfg9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33pv-vcgh-jfg9
9
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9
reference_id GHSA-33pv-vcgh-jfg9
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9
10
reference_url https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size
reference_id settings.html#wagtailimages-max-upload-size
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size
11
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
reference_id v4.1.4
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
12
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
reference_id v4.2.2
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
fixed_packages
0
url pkg:pypi/wagtail@4.1.4
purl pkg:pypi/wagtail@4.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-r4v4-7425-yqgd
6
vulnerability VCID-t8am-3wuh-6ka2
7
vulnerability VCID-w5jh-4xaa-qyg2
8
vulnerability VCID-wwur-1fuu-yka1
9
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.4
1
url pkg:pypi/wagtail@4.2rc1
purl pkg:pypi/wagtail@4.2rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-mcfk-qckt-eug8
4
vulnerability VCID-pdza-s2q4-cbe2
5
vulnerability VCID-r4v4-7425-yqgd
6
vulnerability VCID-t8am-3wuh-6ka2
7
vulnerability VCID-w5jh-4xaa-qyg2
8
vulnerability VCID-wwur-1fuu-yka1
9
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2rc1
2
url pkg:pypi/wagtail@4.2.2
purl pkg:pypi/wagtail@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-r4v4-7425-yqgd
6
vulnerability VCID-t8am-3wuh-6ka2
7
vulnerability VCID-w5jh-4xaa-qyg2
8
vulnerability VCID-wwur-1fuu-yka1
9
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.2
aliases CVE-2023-28837, GHSA-33pv-vcgh-jfg9, PYSEC-2023-56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tprz-998x-rfch
11
url VCID-w5jh-4xaa-qyg2
vulnerability_id VCID-w5jh-4xaa-qyg2
summary Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock StreamField blocks is able to set specially-crafted class attributes on the block which run arbitrary JavaScript code when the page is viewed. When viewed by a user with higher privileges, this could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites using TableBlock. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28222
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29493
published_at 2026-06-11T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29708
published_at 2026-06-13T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.2969
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28222
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d
reference_id 0375094bb57ce6e527005c2bb2e871dd20bca04d
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d
3
reference_url https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e
reference_id 4620423cb22c5253391a0f04178089c1162f6e2e
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e
4
reference_url https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85
reference_id 575c0d7c18c7716ed73f7a3c2720ad75956f0a85
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85
5
reference_url https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b
reference_id 605a5569686565e035313222e1bc2f9802fbc55b
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28222
reference_id CVE-2026-28222
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28222
7
reference_url https://github.com/advisories/GHSA-p5cm-246w-84jm
reference_id GHSA-p5cm-246w-84jm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5cm-246w-84jm
8
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm
reference_id GHSA-p5cm-246w-84jm
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
reference_id v6.3.8
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
10
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
reference_id v7.0.6
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
11
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
reference_id v7.2.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
12
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
reference_id v7.3.1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
fixed_packages
0
url pkg:pypi/wagtail@6.3.8
purl pkg:pypi/wagtail@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.8
1
url pkg:pypi/wagtail@7.0.6
purl pkg:pypi/wagtail@7.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.6
2
url pkg:pypi/wagtail@7.2.3
purl pkg:pypi/wagtail@7.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3
3
url pkg:pypi/wagtail@7.3.1
purl pkg:pypi/wagtail@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-mcfk-qckt-eug8
2
vulnerability VCID-r4v4-7425-yqgd
3
vulnerability VCID-t8am-3wuh-6ka2
4
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1
aliases CVE-2026-28222, GHSA-p5cm-246w-84jm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5jh-4xaa-qyg2
12
url VCID-wwur-1fuu-yka1
vulnerability_id VCID-wwur-1fuu-yka1
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to, by crafting a form submission that requests deletion on a page they do have access to, for submissions they don't have access to. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09491
published_at 2026-06-11T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11085
published_at 2026-06-13T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.1109
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-148.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-148.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
4
reference_url https://github.com/advisories/GHSA-pwm3-7fv4-g6xx
reference_id GHSA-pwm3-7fv4-g6xx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pwm3-7fv4-g6xx
5
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
reference_id GHSA-pwm3-7fv4-g6xx
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:22:48Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44199, GHSA-pwm3-7fv4-g6xx, PYSEC-2026-148
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwur-1fuu-yka1
13
url VCID-yu3w-ev5z-uuhc
vulnerability_id VCID-yu3w-ev5z-uuhc
summary Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data of the user's choosing. The existing data of the object itself is not exposed, but depending on the nature of the template being rendered, this may expose other database contents that would otherwise only be accessible to users with edit access over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25517
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.02994
published_at 2026-06-13T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03009
published_at 2026-06-12T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.02997
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25517
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.3.6
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v6.3.6
3
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.0.4
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.0.4
4
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.1.3
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.1.3
5
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.2.2
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.2.2
6
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.3
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.3
7
reference_url https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719
reference_id 01fd3477365a193e6a8270311defb76e890d2719
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719
8
reference_url https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f
reference_id 5f09b6da61e779b0e8499bdbba52bf2f7bd3241f
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f
9
reference_url https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190
reference_id 73f070dbefbd3b39ea6649ce36bd2d2a6eef2190
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190
10
reference_url https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915
reference_id 7dfe8de5f8b3f112c73c87b6729197db16454915
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25517
reference_id CVE-2026-25517
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25517
12
reference_url https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03
reference_id dd824023a031f1b82a6b6f83a97a5c73391b7c03
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03
13
reference_url https://github.com/advisories/GHSA-4qvv-g3vr-m348
reference_id GHSA-4qvv-g3vr-m348
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4qvv-g3vr-m348
14
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348
reference_id GHSA-4qvv-g3vr-m348
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348
fixed_packages
0
url pkg:pypi/wagtail@6.3.6
purl pkg:pypi/wagtail@6.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.6
1
url pkg:pypi/wagtail@7.0.4
purl pkg:pypi/wagtail@7.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.4
2
url pkg:pypi/wagtail@7.1.3
purl pkg:pypi/wagtail@7.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.1.3
3
url pkg:pypi/wagtail@7.2.2
purl pkg:pypi/wagtail@7.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.2
4
url pkg:pypi/wagtail@7.3
purl pkg:pypi/wagtail@7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-mcfk-qckt-eug8
3
vulnerability VCID-r4v4-7425-yqgd
4
vulnerability VCID-t8am-3wuh-6ka2
5
vulnerability VCID-w5jh-4xaa-qyg2
6
vulnerability VCID-wwur-1fuu-yka1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3
aliases CVE-2026-25517, GHSA-4qvv-g3vr-m348
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yu3w-ev5z-uuhc
14
url VCID-z3a5-fe5t-eka3
vulnerability_id VCID-z3a5-fe5t-eka3
summary Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with 'editor' access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). In these cases, the tag can be replaced with Django's `{{ ... }}` syntax - e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32681
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.53118
published_at 2026-06-11T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.53245
published_at 2026-06-12T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.5326
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32681
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-103.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-103.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.11.8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.11.8
4
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.12.5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.12.5
5
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.13.2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.13.2
6
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32681
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32681
8
reference_url https://github.com/advisories/GHSA-xfrw-hxr5-ghqf
reference_id GHSA-xfrw-hxr5-ghqf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xfrw-hxr5-ghqf
fixed_packages
0
url pkg:pypi/wagtail@2.11.8
purl pkg:pypi/wagtail@2.11.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-t8am-3wuh-6ka2
8
vulnerability VCID-tprz-998x-rfch
9
vulnerability VCID-w5jh-4xaa-qyg2
10
vulnerability VCID-wwur-1fuu-yka1
11
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.8
1
url pkg:pypi/wagtail@2.12rc1
purl pkg:pypi/wagtail@2.12rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-t8am-3wuh-6ka2
8
vulnerability VCID-tprz-998x-rfch
9
vulnerability VCID-w5jh-4xaa-qyg2
10
vulnerability VCID-wwur-1fuu-yka1
11
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12rc1
2
url pkg:pypi/wagtail@2.12.5
purl pkg:pypi/wagtail@2.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-t8am-3wuh-6ka2
8
vulnerability VCID-tprz-998x-rfch
9
vulnerability VCID-w5jh-4xaa-qyg2
10
vulnerability VCID-wwur-1fuu-yka1
11
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12.5
3
url pkg:pypi/wagtail@2.13rc1
purl pkg:pypi/wagtail@2.13rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-pdza-s2q4-cbe2
6
vulnerability VCID-r4v4-7425-yqgd
7
vulnerability VCID-t8am-3wuh-6ka2
8
vulnerability VCID-tprz-998x-rfch
9
vulnerability VCID-w5jh-4xaa-qyg2
10
vulnerability VCID-wwur-1fuu-yka1
11
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.13rc1
4
url pkg:pypi/wagtail@2.13.2
purl pkg:pypi/wagtail@2.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-cjcd-dc6y-27gb
2
vulnerability VCID-feyw-n44z-cuc9
3
vulnerability VCID-gmht-envk-pbd8
4
vulnerability VCID-kqwq-kfbc-p3gk
5
vulnerability VCID-mcfk-qckt-eug8
6
vulnerability VCID-pdza-s2q4-cbe2
7
vulnerability VCID-r4v4-7425-yqgd
8
vulnerability VCID-t8am-3wuh-6ka2
9
vulnerability VCID-tprz-998x-rfch
10
vulnerability VCID-w5jh-4xaa-qyg2
11
vulnerability VCID-wwur-1fuu-yka1
12
vulnerability VCID-yu3w-ev5z-uuhc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.13.2
aliases CVE-2021-32681, GHSA-xfrw-hxr5-ghqf, PYSEC-2021-103
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3a5-fe5t-eka3
15
url VCID-zbkt-z3x3-uybf
vulnerability_id VCID-zbkt-z3x3-uybf
summary Possible XSS attack in Wagtail
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11001
reference_id
reference_type
scores
0
value 0.00356
scoring_system epss
scoring_elements 0.58357
published_at 2026-06-12T12:55:00Z
1
value 0.00356
scoring_system epss
scoring_elements 0.58245
published_at 2026-06-11T12:55:00Z
2
value 0.00356
scoring_system epss
scoring_elements 0.58373
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11001
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-152.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-152.yaml
2
reference_url https://github.com/wagtail/wagtail/commit/61045ceefea114c40ac4b680af58990dbe732389
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/61045ceefea114c40ac4b680af58990dbe732389
3
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.8.1
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.8.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11001
reference_id CVE-2020-11001
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11001
5
reference_url https://github.com/advisories/GHSA-v2wc-pfq2-5cm6
reference_id GHSA-v2wc-pfq2-5cm6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v2wc-pfq2-5cm6
6
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-v2wc-pfq2-5cm6
reference_id GHSA-v2wc-pfq2-5cm6
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-v2wc-pfq2-5cm6
fixed_packages
0
url pkg:pypi/wagtail@2.7.2
purl pkg:pypi/wagtail@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-n376-vr5v-c7hh
6
vulnerability VCID-pdza-s2q4-cbe2
7
vulnerability VCID-r4v4-7425-yqgd
8
vulnerability VCID-rvs7-5u4q-gyfz
9
vulnerability VCID-sgr3-pxdc-p7fa
10
vulnerability VCID-t8am-3wuh-6ka2
11
vulnerability VCID-tprz-998x-rfch
12
vulnerability VCID-w5jh-4xaa-qyg2
13
vulnerability VCID-wwur-1fuu-yka1
14
vulnerability VCID-yu3w-ev5z-uuhc
15
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.7.2
1
url pkg:pypi/wagtail@2.8rc1
purl pkg:pypi/wagtail@2.8rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-n376-vr5v-c7hh
6
vulnerability VCID-pdza-s2q4-cbe2
7
vulnerability VCID-r4v4-7425-yqgd
8
vulnerability VCID-rvs7-5u4q-gyfz
9
vulnerability VCID-sgr3-pxdc-p7fa
10
vulnerability VCID-t8am-3wuh-6ka2
11
vulnerability VCID-tprz-998x-rfch
12
vulnerability VCID-w5jh-4xaa-qyg2
13
vulnerability VCID-wwur-1fuu-yka1
14
vulnerability VCID-yu3w-ev5z-uuhc
15
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.8rc1
2
url pkg:pypi/wagtail@2.8.1
purl pkg:pypi/wagtail@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uqp-knu1-sybq
1
vulnerability VCID-feyw-n44z-cuc9
2
vulnerability VCID-gmht-envk-pbd8
3
vulnerability VCID-kqwq-kfbc-p3gk
4
vulnerability VCID-mcfk-qckt-eug8
5
vulnerability VCID-n376-vr5v-c7hh
6
vulnerability VCID-pdza-s2q4-cbe2
7
vulnerability VCID-r4v4-7425-yqgd
8
vulnerability VCID-rvs7-5u4q-gyfz
9
vulnerability VCID-sgr3-pxdc-p7fa
10
vulnerability VCID-t8am-3wuh-6ka2
11
vulnerability VCID-tprz-998x-rfch
12
vulnerability VCID-w5jh-4xaa-qyg2
13
vulnerability VCID-wwur-1fuu-yka1
14
vulnerability VCID-yu3w-ev5z-uuhc
15
vulnerability VCID-z3a5-fe5t-eka3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.8.1
aliases CVE-2020-11001, GHSA-v2wc-pfq2-5cm6, PYSEC-2020-152
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbkt-z3x3-uybf
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@1.12.6