Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,931
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,382
Swift
56
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Wagtail has improper permission handling when copying pages Moderate
CVE-2026-44200 was published for wagtail (pip) May 8, 2026
RealOrangeOne Credited to RealOrangeOne and thesanjok thesanjok thesanjok
Wagtail has improper restriction handling on Documents and Images API Moderate
CVE-2026-44201 was published for wagtail (pip) May 8, 2026
thesanjok Credited to thesanjok and RealOrangeOne RealOrangeOne RealOrangeOne
Wagtail has improper permission handling when deleting form submissions Moderate
CVE-2026-44199 was published for wagtail (pip) May 8, 2026
RealOrangeOne Credited to RealOrangeOne and shukla304 shukla304 shukla304
Wagtail has improper permission handling when viewing page history Moderate
CVE-2026-44198 was published for wagtail (pip) May 8, 2026
RealOrangeOne Credited to RealOrangeOne and seoyoung-kang seoyoung-kang seoyoung-kang
Wagtail has improper permission handling when comparing revisions Moderate
CVE-2026-44197 was published for wagtail (pip) May 8, 2026
RealOrangeOne Credited to RealOrangeOne and seoyoung-kang seoyoung-kang seoyoung-kang
Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface Moderate
CVE-2026-28223 was published for wagtail (pip) Mar 3, 2026
GCXWLP Credited to GCXWLP, RealOrangeOne, and gasman RealOrangeOne RealOrangeOne
gasman gasman
Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes Moderate
CVE-2026-28222 was published for wagtail (pip) Mar 3, 2026
GCXWLP Credited to GCXWLP, RealOrangeOne, and gasman RealOrangeOne RealOrangeOne
gasman gasman
Wagtail has improper permission handling on admin preview endpoints Moderate
CVE-2026-25517 was published for wagtail (pip) Feb 3, 2026
thxtech Credited to thxtech, gasman, RealOrangeOne, and laymonage gasman gasman
RealOrangeOne RealOrangeOne laymonage laymonage
Wagtail regular expression denial-of-service via search query parsing High
CVE-2024-39317 was published for wagtail (pip) Jul 11, 2024
RealOrangeOne Credited to RealOrangeOne
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings` Moderate
CVE-2024-35228 was published for wagtail (pip) Jun 2, 2024
engineervix Credited to engineervix, gasman, and RealOrangeOne gasman gasman
RealOrangeOne RealOrangeOne
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet` Low
CVE-2024-32882 was published for wagtail (pip) May 1, 2024
jams2 Credited to jams2, Morsey187, RealOrangeOne, and laymonage Morsey187 Morsey187
RealOrangeOne RealOrangeOne laymonage laymonage
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files Moderate
CVE-2023-28837 was published for wagtail (pip) Apr 3, 2023
RealOrangeOne Credited to RealOrangeOne
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database