pkg:PyPI/pretix

16 total CVEs: HIGH 3, MEDIUM 9

All known vulnerabilities

  • HIGH 7.8 - CVE-2023-44464 - pretix allows Pillow to parse EPS files
    from 0, < 2023.7.2
  • HIGH 7.5 - CVE-2023-27891 - Insufficient Session Expiration in pretix
    from 0, < 4.17.1
  • HIGH 7.5 - CVE-2023-27891 - Insufficient Session Expiration in pretix
    >= 4.17.0, < 4.17.1
  • MEDIUM 6.1 - CVE-2025-13742 - Emails sent by pretix can utilize placeholders that will be filled with customer data.
    >= 1.0.0, < 2025.7.2
  • MEDIUM 5.9 - CVE-2026-2415 - pretix unsafely evaluates variables in emails
    >= 4.16.0, < 2026.1.1
  • MEDIUM 5.9 - CVE-2026-2415 - pretix unsafely evaluates variables in emails
    >= 2026.1.0, < 2026.1.1
  • MEDIUM 5.4 - CVE-2024-8113 - pretix Stored Cross-site Scripting vulnerability
    from 0, < 2024.7.1
  • MEDIUM 5.3 - CVE-2023-44463 - pretix potential IP address spoofing vulnerability
    from 0, < 2023.7.1
  • MEDIUM 5.3 - CVE-2023-44463 - pretix potential IP address spoofing vulnerability
    from 0, < ccdce2ccb8207b82501af3c03f50abc0f819b469 | from 0, < 2023.7.1
  • MEDIUM 4.3 - CVE-2026-5600 - pretix: API leaks check-in data between events of the same organizer
    >= 2025.10.0, < 2026.1.2 | >= 2026.2.0, < 2026.2.1 | >= 2026.3.0, < 2026.3.1
  • MEDIUM 4.3 - CVE-2026-5600 - pretix: API leaks check-in data between events of the same organizer
    >= 2026.3.0, < 2026.3.1
  • CVE-2025-14882 - pretix has Broken Access Control Allowing Cross-User File Access via UUID
    >= 2025.10.0, < 2025.10.1
  • CVE-2025-14881 - pretix has Broken Access Control Allowing Cross-User File Access via UUID
    >= 2025.10.0, < 2025.10.1
  • CVE-2024-27447 - pretix mishandles file validation
    from 0, < 2024.1.1