pkg:PyPI/wagtail

35 total CVEs: MEDIUM 29, LOW 5

All known vulnerabilities

  • MEDIUM 6.5, CVE-2026-44200: Wagtail has improper permission handling when copying pages
    from 0, < 7.0.7, >= 7.1, < 7.3.2
  • MEDIUM 6.5, CVE-2026-44200: Wagtail has improper permission handling when copying pages
    from 0, < 7.0.7
  • MEDIUM 6.5, CVE-2026-44199: Wagtail has improper permission handling when deleting form submissions
    from 0, < 7.0.7
  • MEDIUM 6.5, CVE-2026-44199: Wagtail has improper permission handling when deleting form submissions
    from 0, < 7.0.7, >= 7.1, < 7.3.2
  • MEDIUM 6.5, CVE-2026-44197: Wagtail has improper permission handling when comparing revisions
    from 0, < 7.0.7
  • MEDIUM 6.5, CVE-2026-44197: Wagtail has improper permission handling when comparing revisions
    from 0, < 7.0.7, >= 7.1, < 7.3.2
  • MEDIUM 6.5, CVE-2024-39317: Wagtail regular expression denial-of-service via search query parsing
    >= 6.0, < 6.0.6
  • MEDIUM 6.5, CVE-2024-39317: Wagtail regular expression denial-of-service via search query parsing
    from 0, < 31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2, < 3c941136f79c48446e3858df46e5b668d7f83797, < b783c096b6d4fd2cfc05f9137a0be288850e99a2 | >= 6.1, < 6.1.3, >= 6.0, < 6.0.6, >= 2.0, < 5.2.6
  • MEDIUM 6.4, CVE-2023-28836: Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
    from 0, < eefc3381d37b476791610e5d30594fae443f33af, < bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713, < 5be2b1ed55fd7259dfdf2c82e7701dba407b8b62, < ff806ab173a504395fdfb3139eb0a29444ab4b91 | >= 4.2, < 4.2.2, >= 1.5, < 4.1.4
  • MEDIUM 6.4, CVE-2023-28836: Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
    >= 1.5, < 4.1.4
  • MEDIUM 6.1, CVE-2026-28223: Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface
    from 0, < 6.3.8
  • MEDIUM 6.1, CVE-2026-28222: Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes
    from 0, < 6.3.8
  • MEDIUM 6.1, CVE-2021-29434: Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
    from 0, < 2.11.7
  • MEDIUM 6.1, CVE-2021-29434: Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
    >= 2.11, < 2.11.7, from 0, < 2.11.6, >= 2.12, < 2.12.4
  • MEDIUM 6.1, CVE-2020-11037: Potential Observable Timing Discrepancy in Wagtail
    >= 2.8, < 2.8.2, >= 2.7, < 2.7.3
  • MEDIUM 6.1, CVE-2020-11037: Potential Observable Timing Discrepancy in Wagtail
    from 0, < 2.7.3
  • MEDIUM 5.8, CVE-2020-11001: Possible XSS attack in Wagtail
    from 0, < 61045ceefea114c40ac4b680af58990dbe732389 | >= 1.9, < 2.7.2
  • MEDIUM 5.8, CVE-2020-11001: Possible XSS attack in Wagtail
    >= 1.9.0, < 2.7.2
  • MEDIUM 5.7, CVE-2020-15118: Cross-Site Scripting in Wagtail
    >= 2.8rc1, < 2.9.3
  • MEDIUM 5.7, CVE-2020-15118: Cross-Site Scripting in Wagtail
    from 0, < d9a41e7f24d08c024acc9a3094940199df94db34 | >= 2.7, < 2.7.4, >= 2.9, < 2.9.3
  • MEDIUM 5.5, CVE-2024-35228: Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
    >= 6.0.0, < 6.0.5
  • MEDIUM 5.4, CVE-2021-32681: Cross-site Scripting in wagtail
    from 0, < 2.11.8
  • MEDIUM 5.4, CVE-2021-32681: Cross-site Scripting in wagtail
    >= 2.13, < 2.13.2, >= 2.12, < 2.12.5, from 0, < 2.11.8
  • MEDIUM 5.3, CVE-2026-44201: Wagtail has improper restriction handling on Documents and Images API
    from 0, < 7.0.7, >= 7.1, < 7.3.2
  • MEDIUM 5.3, CVE-2026-44201: Wagtail has improper restriction handling on Documents and Images API
    from 0, < 7.0.7
  • MEDIUM 4.4, CVE-2023-28837: Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
    from 0, < cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf, < 3c0c64642b9e5b8d28b111263c7f4bddad6c3880, < c9d2fcd650a88d76ae122646142245e5927a9165, < d4022310cbe497993459c3136311467c7ac6329a | >= 4.2, < 4.2.2, from 0, < 4.1.4
  • MEDIUM 4.4, CVE-2023-28837: Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
    >= 4.2, < 4.2.2
  • MEDIUM 4.3, CVE-2026-44198: Wagtail has improper permission handling when viewing page history
    from 0, < 7.0.7, >= 7.1, < 7.3.2
  • MEDIUM 4.3, CVE-2026-44198: Wagtail has improper permission handling when viewing page history
    from 0, < 7.0.7
  • LOW 3.5, CVE-2022-21683: Comment reply notifications sent to incorrect users
    from 0, < 5fe901e5d86ed02dbbb63039a897582951266afd | >= 2.13, < 2.15.2
  • LOW 3.5, CVE-2022-21683: Comment reply notifications sent to incorrect users
    >= 2.13, < 2.15.2
  • LOW 2.7, CVE-2024-32882: Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
    >= 6.0.0, < 6.0.3
  • LOW 2.7, CVE-2023-45809: Wagtail vulnerable to disclosure of user names via admin bulk action views
    from 0, < 4.1.9
  • LOW 2.7, CVE-2023-45809: Wagtail vulnerable to disclosure of user names via admin bulk action views
    from 0, < bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b | from 0, < 4.1.9, >= 4.2, < 5.0.5, >= 5.1, < 5.1.3
  • CVE-2026-25517: Wagtail has improper permission handling on admin preview endpoints
    from 0, < 6.3.6