Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/64101?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/64101?format=api", "purl": "pkg:pypi/wagtail@0.1", "type": "pypi", "namespace": "", "name": "wagtail", "version": "0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.0.7", "latest_non_vulnerable_version": "7.3.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67858?format=api", "vulnerability_id": "VCID-7uqp-knu1-sybq", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10234", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11896", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44197" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-146.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-146.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44197", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44197" }, { "reference_url": "https://github.com/advisories/GHSA-c6wj-9vcj-75pj", "reference_id": "GHSA-c6wj-9vcj-75pj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6wj-9vcj-75pj" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj", "reference_id": "GHSA-c6wj-9vcj-75pj", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T17:52:47Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93072?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/93073?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44197", "GHSA-c6wj-9vcj-75pj", "PYSEC-2026-146" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7uqp-knu1-sybq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69261?format=api", "vulnerability_id": "VCID-feyw-n44z-cuc9", "summary": "Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the \"Translate\" action, causes arbitrary JavaScript code to run. This could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13925", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.14042", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28223" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863", "reference_id": "1c6f2effed68f4ccad6fbd07987e03641505f863", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19", "reference_id": "ba70244d376a7b1bd180ded03e827917ff410c19", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28223", "reference_id": "CVE-2026-28223", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28223" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c", "reference_id": "d8c5900982df8ed5938ad993aa9ff69cda50f80c", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143", "reference_id": "ee39d39deeb7f250fe886417b24802d7e05b1143", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143" }, { "reference_url": "https://github.com/advisories/GHSA-p4v8-rw59-93cq", "reference_id": "GHSA-p4v8-rw59-93cq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p4v8-rw59-93cq" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq", "reference_id": "GHSA-p4v8-rw59-93cq", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.8", "reference_id": "v6.3.8", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.8" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.6", "reference_id": "v7.0.6", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.6" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.3", "reference_id": "v7.2.3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.3" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.3.1", "reference_id": "v7.3.1", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.3.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40103?format=api", "purl": "pkg:pypi/wagtail@6.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/40101?format=api", "purl": "pkg:pypi/wagtail@7.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/40099?format=api", "purl": "pkg:pypi/wagtail@7.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/40100?format=api", "purl": "pkg:pypi/wagtail@7.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1" } ], "aliases": [ "CVE-2026-28223", "GHSA-p4v8-rw59-93cq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-feyw-n44z-cuc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46880?format=api", "vulnerability_id": "VCID-gmht-envk-pbd8", "summary": "Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.56397", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.56278", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39317" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2024-86.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2024-86.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2", "reference_id": "31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797", "reference_id": "3c941136f79c48446e3858df46e5b668d7f83797", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2", "reference_id": "b783c096b6d4fd2cfc05f9137a0be288850e99a2", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39317", "reference_id": "CVE-2024-39317", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39317" }, { "reference_url": "https://github.com/advisories/GHSA-jmp3-39vp-fwg8", "reference_id": "GHSA-jmp3-39vp-fwg8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmp3-39vp-fwg8" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8", "reference_id": "GHSA-jmp3-39vp-fwg8", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:46:41Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32606?format=api", "purl": "pkg:pypi/wagtail@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84301?format=api", "purl": "pkg:pypi/wagtail@6.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/32608?format=api", "purl": "pkg:pypi/wagtail@6.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84305?format=api", "purl": "pkg:pypi/wagtail@6.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/32604?format=api", "purl": "pkg:pypi/wagtail@6.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.1.3" } ], "aliases": [ "CVE-2024-39317", "GHSA-jmp3-39vp-fwg8", "PYSEC-2024-86" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmht-envk-pbd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218348?format=api", "vulnerability_id": "VCID-kqwq-kfbc-p3gk", "summary": "Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46279", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46135", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45809" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v4.1.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v4.1.9" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v5.0.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v5.0.5" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v5.1.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v5.1.3" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45809", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45809" }, { "reference_url": "https://github.com/advisories/GHSA-fc75-58r8-rm3h", "reference_id": "GHSA-fc75-58r8-rm3h", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fc75-58r8-rm3h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79543?format=api", "purl": "pkg:pypi/wagtail@4.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/75455?format=api", "purl": "pkg:pypi/wagtail@4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/79544?format=api", "purl": "pkg:pypi/wagtail@5.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/84293?format=api", "purl": "pkg:pypi/wagtail@5.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/79545?format=api", "purl": "pkg:pypi/wagtail@5.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.1.3" } ], "aliases": [ "CVE-2023-45809", "GHSA-fc75-58r8-rm3h", "PYSEC-2023-219" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqwq-kfbc-p3gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67766?format=api", "vulnerability_id": "VCID-mcfk-qckt-eug8", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02019", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02554", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44201" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-150.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-150.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44201", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44201" }, { "reference_url": "https://github.com/advisories/GHSA-p5gm-92h4-6pv6", "reference_id": "GHSA-p5gm-92h4-6pv6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p5gm-92h4-6pv6" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6", "reference_id": "GHSA-p5gm-92h4-6pv6", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:45:22Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93072?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/93073?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44201", "GHSA-p5gm-92h4-6pv6", "PYSEC-2026-150" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mcfk-qckt-eug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204755?format=api", "vulnerability_id": "VCID-n376-vr5v-c7hh", "summary": "Potential Observable Timing Discrepancy in Wagtail", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16874", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16724", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11037" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-153.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-153.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11037", "reference_id": "CVE-2020-11037", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11037" }, { "reference_url": "https://github.com/advisories/GHSA-jjjr-3jcw-f8v6", "reference_id": "GHSA-jjjr-3jcw-f8v6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjjr-3jcw-f8v6" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6", "reference_id": "GHSA-jjjr-3jcw-f8v6", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16432?format=api", "purl": "pkg:pypi/wagtail@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-rvs7-5u4q-gyfz" }, { "vulnerability": "VCID-sgr3-pxdc-p7fa" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" }, { "vulnerability": "VCID-z3a5-fe5t-eka3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/16434?format=api", "purl": "pkg:pypi/wagtail@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-rvs7-5u4q-gyfz" }, { "vulnerability": "VCID-sgr3-pxdc-p7fa" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" }, { "vulnerability": "VCID-z3a5-fe5t-eka3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/16431?format=api", "purl": "pkg:pypi/wagtail@2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-rvs7-5u4q-gyfz" }, { "vulnerability": "VCID-sgr3-pxdc-p7fa" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" }, { "vulnerability": "VCID-z3a5-fe5t-eka3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.9" } ], "aliases": [ "CVE-2020-11037", "GHSA-jjjr-3jcw-f8v6", "PYSEC-2020-153" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n376-vr5v-c7hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134185?format=api", "vulnerability_id": "VCID-pdza-s2q4-cbe2", "summary": "Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the \"Choose a parent page\" ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.7841", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78478", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28836" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-55.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-55.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28836", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28836" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62", "reference_id": "5be2b1ed55fd7259dfdf2c82e7701dba407b8b62", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713", "reference_id": "bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713" }, { "reference_url": "https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview", "reference_id": "chooseparentview.html#customising-chooseparentview", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/" } ], "url": "https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af", "reference_id": "eefc3381d37b476791610e5d30594fae443f33af", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91", "reference_id": "ff806ab173a504395fdfb3139eb0a29444ab4b91", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91" }, { "reference_url": "https://github.com/advisories/GHSA-5286-f2rf-35c2", "reference_id": "GHSA-5286-f2rf-35c2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5286-f2rf-35c2" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2", "reference_id": "GHSA-5286-f2rf-35c2", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2" }, { "reference_url": "https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview", "reference_id": "inspectview.html#enabling-customising-inspectview", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/" } ], "url": "https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2", "reference_id": "v4.2.2", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75454?format=api", "purl": "pkg:pypi/wagtail@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/75455?format=api", "purl": "pkg:pypi/wagtail@4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/75453?format=api", "purl": "pkg:pypi/wagtail@4.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.2" } ], "aliases": [ "CVE-2023-28836", "GHSA-5286-f2rf-35c2", "PYSEC-2023-55" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pdza-s2q4-cbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67645?format=api", "vulnerability_id": "VCID-r4v4-7425-yqgd", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09019", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1057", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44198" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-147.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-147.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44198", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44198" }, { "reference_url": "https://github.com/advisories/GHSA-c4mr-889m-vgf6", "reference_id": "GHSA-c4mr-889m-vgf6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4mr-889m-vgf6" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6", "reference_id": "GHSA-c4mr-889m-vgf6", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:53:32Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93072?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/93073?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44198", "GHSA-c4mr-889m-vgf6", "PYSEC-2026-147" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4v4-7425-yqgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205047?format=api", "vulnerability_id": "VCID-rvs7-5u4q-gyfz", "summary": "Cross-Site Scripting in Wagtail", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69893", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69802", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15118" }, { "reference_url": "https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text" }, { "reference_url": "https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-154.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-154.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15118", "reference_id": "CVE-2020-15118", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15118" }, { "reference_url": "https://github.com/advisories/GHSA-2473-9hgq-j7xw", "reference_id": "GHSA-2473-9hgq-j7xw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2473-9hgq-j7xw" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw", "reference_id": "GHSA-2473-9hgq-j7xw", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16759?format=api", "purl": "pkg:pypi/wagtail@2.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-sgr3-pxdc-p7fa" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" }, { "vulnerability": "VCID-z3a5-fe5t-eka3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/16760?format=api", "purl": "pkg:pypi/wagtail@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-sgr3-pxdc-p7fa" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" }, { "vulnerability": "VCID-z3a5-fe5t-eka3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.9.3" } ], "aliases": [ "CVE-2020-15118", "GHSA-2473-9hgq-j7xw", "PYSEC-2020-154" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvs7-5u4q-gyfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218132?format=api", "vulnerability_id": "VCID-sgr3-pxdc-p7fa", "summary": "Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29434", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51046", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51176", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29434" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-114.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-114.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/5c7a60977cba478f6a35390ba98cffc2bd41c8a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/5c7a60977cba478f6a35390ba98cffc2bd41c8a4" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/915f6ed2bd7d53154103cc4424a0f18695cdad6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/commit/915f6ed2bd7d53154103cc4424a0f18695cdad6c" }, { "reference_url": "https://github.com/wagtail/wagtail/compare/v2.11.6...v2.11.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/compare/v2.11.6...v2.11.7" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29434", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29434" }, { "reference_url": "https://pypi.org/project/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/wagtail" }, { "reference_url": "https://pypi.org/project/wagtail/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.org/project/wagtail/" }, { "reference_url": "https://github.com/advisories/GHSA-wq5h-f9p5-q7fx", "reference_id": "GHSA-wq5h-f9p5-q7fx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq5h-f9p5-q7fx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64170?format=api", "purl": "pkg:pypi/wagtail@2.11.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-sgr3-pxdc-p7fa" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" }, { "vulnerability": "VCID-z3a5-fe5t-eka3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/64175?format=api", "purl": "pkg:pypi/wagtail@2.11.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" }, { "vulnerability": "VCID-z3a5-fe5t-eka3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/64176?format=api", "purl": "pkg:pypi/wagtail@2.12.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" }, { "vulnerability": "VCID-z3a5-fe5t-eka3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12.4" } ], "aliases": [ "CVE-2021-29434", "GHSA-wq5h-f9p5-q7fx", "PYSEC-2021-114" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgr3-pxdc-p7fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67759?format=api", "vulnerability_id": "VCID-t8am-3wuh-6ka2", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08198", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09612", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44200" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-149.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-149.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44200", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44200" }, { "reference_url": "https://github.com/advisories/GHSA-67rv-mg8q-5pf3", "reference_id": "GHSA-67rv-mg8q-5pf3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67rv-mg8q-5pf3" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3", "reference_id": "GHSA-67rv-mg8q-5pf3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:54:04Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93072?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/93073?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44200", "GHSA-67rv-mg8q-5pf3", "PYSEC-2026-149" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8am-3wuh-6ka2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134072?format=api", "vulnerability_id": "VCID-tprz-998x-rfch", "summary": "Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service.\n\nThe vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents.\n\nImage uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. \n\nPatched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.013", "scoring_system": "epss", "scoring_elements": "0.80208", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.013", "scoring_system": "epss", "scoring_elements": "0.80146", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28837" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28837", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28837" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880", "reference_id": "3c0c64642b9e5b8d28b111263c7f4bddad6c3880", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165", "reference_id": "c9d2fcd650a88d76ae122646142245e5927a9165", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf", "reference_id": "cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a", "reference_id": "d4022310cbe497993459c3136311467c7ac6329a", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a" }, { "reference_url": "https://github.com/advisories/GHSA-33pv-vcgh-jfg9", "reference_id": "GHSA-33pv-vcgh-jfg9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33pv-vcgh-jfg9" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9", "reference_id": "GHSA-33pv-vcgh-jfg9", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9" }, { "reference_url": "https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size", "reference_id": "settings.html#wagtailimages-max-upload-size", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/" } ], "url": "https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4", "reference_id": "v4.1.4", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2", "reference_id": "v4.2.2", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75454?format=api", "purl": "pkg:pypi/wagtail@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/75455?format=api", "purl": "pkg:pypi/wagtail@4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/75453?format=api", "purl": "pkg:pypi/wagtail@4.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.2" } ], "aliases": [ "CVE-2023-28837", "GHSA-33pv-vcgh-jfg9", "PYSEC-2023-56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tprz-998x-rfch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69146?format=api", "vulnerability_id": "VCID-w5jh-4xaa-qyg2", "summary": "Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock StreamField blocks is able to set specially-crafted class attributes on the block which run arbitrary JavaScript code when the page is viewed. When viewed by a user with higher privileges, this could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites using TableBlock. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29493", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.2969", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28222" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d", "reference_id": "0375094bb57ce6e527005c2bb2e871dd20bca04d", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e", "reference_id": "4620423cb22c5253391a0f04178089c1162f6e2e", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85", "reference_id": "575c0d7c18c7716ed73f7a3c2720ad75956f0a85", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b", "reference_id": "605a5569686565e035313222e1bc2f9802fbc55b", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28222", "reference_id": "CVE-2026-28222", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28222" }, { "reference_url": "https://github.com/advisories/GHSA-p5cm-246w-84jm", "reference_id": "GHSA-p5cm-246w-84jm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p5cm-246w-84jm" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm", "reference_id": "GHSA-p5cm-246w-84jm", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.8", "reference_id": "v6.3.8", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.8" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.6", "reference_id": "v7.0.6", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.6" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.3", "reference_id": "v7.2.3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.3" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.3.1", "reference_id": "v7.3.1", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.3.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40103?format=api", "purl": "pkg:pypi/wagtail@6.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/40101?format=api", "purl": "pkg:pypi/wagtail@7.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/40099?format=api", "purl": "pkg:pypi/wagtail@7.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/40100?format=api", "purl": "pkg:pypi/wagtail@7.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1" } ], "aliases": [ "CVE-2026-28222", "GHSA-p5cm-246w-84jm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5jh-4xaa-qyg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68053?format=api", "vulnerability_id": "VCID-wwur-1fuu-yka1", "summary": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09491", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1109", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44199" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-148.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-148.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44199", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44199" }, { "reference_url": "https://github.com/advisories/GHSA-pwm3-7fv4-g6xx", "reference_id": "GHSA-pwm3-7fv4-g6xx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwm3-7fv4-g6xx" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx", "reference_id": "GHSA-pwm3-7fv4-g6xx", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:22:48Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93072?format=api", "purl": "pkg:pypi/wagtail@7.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/93073?format=api", "purl": "pkg:pypi/wagtail@7.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2" } ], "aliases": [ "CVE-2026-44199", "GHSA-pwm3-7fv4-g6xx", "PYSEC-2026-148" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwur-1fuu-yka1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65665?format=api", "vulnerability_id": "VCID-yu3w-ev5z-uuhc", "summary": "Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data of the user's choosing. The existing data of the object itself is not exposed, but depending on the nature of the template being rendered, this may expose other database contents that would otherwise only be accessible to users with edit access over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02997", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03009", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25517" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v6.3.6" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.0.4" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.1.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.1.3" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.2.2" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v7.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v7.3" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719", "reference_id": "01fd3477365a193e6a8270311defb76e890d2719", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f", "reference_id": "5f09b6da61e779b0e8499bdbba52bf2f7bd3241f", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190", "reference_id": "73f070dbefbd3b39ea6649ce36bd2d2a6eef2190", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915", "reference_id": "7dfe8de5f8b3f112c73c87b6729197db16454915", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25517", "reference_id": "CVE-2026-25517", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25517" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03", "reference_id": "dd824023a031f1b82a6b6f83a97a5c73391b7c03", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03" }, { "reference_url": "https://github.com/advisories/GHSA-4qvv-g3vr-m348", "reference_id": "GHSA-4qvv-g3vr-m348", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qvv-g3vr-m348" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348", "reference_id": "GHSA-4qvv-g3vr-m348", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38667?format=api", "purl": "pkg:pypi/wagtail@6.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/38665?format=api", "purl": "pkg:pypi/wagtail@7.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/38662?format=api", "purl": "pkg:pypi/wagtail@7.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/38671?format=api", "purl": "pkg:pypi/wagtail@7.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/38658?format=api", "purl": "pkg:pypi/wagtail@7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3" } ], "aliases": [ "CVE-2026-25517", "GHSA-4qvv-g3vr-m348" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yu3w-ev5z-uuhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218168?format=api", "vulnerability_id": "VCID-z3a5-fe5t-eka3", "summary": "Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with 'editor' access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). In these cases, the tag can be replaced with Django's `{{ ... }}` syntax - e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.53118", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.53245", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32681" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-103.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-103.yaml" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v2.11.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v2.11.8" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v2.12.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v2.12.5" }, { "reference_url": "https://github.com/wagtail/wagtail/releases/tag/v2.13.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/releases/tag/v2.13.2" }, { "reference_url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32681", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32681" }, { "reference_url": "https://github.com/advisories/GHSA-xfrw-hxr5-ghqf", "reference_id": "GHSA-xfrw-hxr5-ghqf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xfrw-hxr5-ghqf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65380?format=api", "purl": "pkg:pypi/wagtail@2.11.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/75417?format=api", "purl": "pkg:pypi/wagtail@2.12rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/65381?format=api", "purl": "pkg:pypi/wagtail@2.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/75419?format=api", "purl": "pkg:pypi/wagtail@2.13rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.13rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/65382?format=api", "purl": "pkg:pypi/wagtail@2.13.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7uqp-knu1-sybq" }, { "vulnerability": "VCID-cjcd-dc6y-27gb" }, { "vulnerability": "VCID-feyw-n44z-cuc9" }, { "vulnerability": "VCID-gmht-envk-pbd8" }, { "vulnerability": "VCID-kqwq-kfbc-p3gk" }, { "vulnerability": "VCID-mcfk-qckt-eug8" }, { "vulnerability": "VCID-pdza-s2q4-cbe2" }, { "vulnerability": "VCID-r4v4-7425-yqgd" }, { "vulnerability": "VCID-t8am-3wuh-6ka2" }, { "vulnerability": "VCID-tprz-998x-rfch" }, { "vulnerability": "VCID-w5jh-4xaa-qyg2" }, { "vulnerability": "VCID-wwur-1fuu-yka1" }, { "vulnerability": "VCID-yu3w-ev5z-uuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.13.2" } ], "aliases": [ "CVE-2021-32681", "GHSA-xfrw-hxr5-ghqf", "PYSEC-2021-103" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3a5-fe5t-eka3" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@0.1" }