— PyPI
PYSEC-2020-152 · CVE-2020-11001, GHSA-v2wc-pfq2-5cm6 Modified: 11/8/2023
package
PyPI / wagtail
pkg:pypi/wagtail
— PyPI
PYSEC-2020-153 · CVE-2020-11037, GHSA-jjjr-3jcw-f8v6 Modified: 6/8/2026
— PyPI
PYSEC-2020-154 · CVE-2020-15118, GHSA-2473-9hgq-j7xw Modified: 11/8/2023
— PyPI
PYSEC-2021-103 · CVE-2021-32681, GHSA-xfrw-hxr5-ghqf Modified: 6/8/2026
— PyPI
PYSEC-2021-114 · CVE-2021-29434, GHSA-wq5h-f9p5-q7fx Modified: 11/8/2023
— PyPI
PYSEC-2022-13 · CVE-2022-21683, GHSA-xqxm-2rpm-3889 Modified: 11/8/2023
LOW 2.7 PyPI
PYSEC-2023-219 · CVE-2023-45809, GHSA-fc75-58r8-rm3h Modified: 11/8/2023
— PyPI
PYSEC-2023-55 · CVE-2023-28836, GHSA-5286-f2rf-35c2 Modified: 6/8/2026
— PyPI
PYSEC-2023-56 · CVE-2023-28837, GHSA-33pv-vcgh-jfg9 Modified: 11/8/2023
MEDIUM 4.9 PyPI
PYSEC-2024-86 · CVE-2024-39317, GHSA-jmp3-39vp-fwg8 Modified: 6/8/2026
MEDIUM 6.5 PyPI
PYSEC-2026-146 · CVE-2026-44197, GHSA-c6wj-9vcj-75pj Modified: 5/20/2026
MEDIUM 4.3 PyPI
PYSEC-2026-147 · CVE-2026-44198, GHSA-c4mr-889m-vgf6 Modified: 5/20/2026
MEDIUM 6.5 PyPI
PYSEC-2026-148 · CVE-2026-44199, GHSA-pwm3-7fv4-g6xx Modified: 5/20/2026
MEDIUM 6.5 PyPI
PYSEC-2026-149 · CVE-2026-44200, GHSA-67rv-mg8q-5pf3 Modified: 5/20/2026
MEDIUM 5.3 PyPI
PYSEC-2026-150 · CVE-2026-44201, GHSA-p5gm-92h4-6pv6 Modified: 5/20/2026
MEDIUM 5.7 PyPI
GHSA-2473-9hgq-j7xw · CVE-2020-15118, PYSEC-2020-154 Cross-Site Scripting in Wagtail
Modified: 3/13/2026
MEDIUM 4.4 PyPI
GHSA-33pv-vcgh-jfg9 · CVE-2023-28837, PYSEC-2023-56 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Modified: 11/19/2024
MEDIUM PyPI
GHSA-4qvv-g3vr-m348 · CVE-2026-25517 Wagtail has improper permission handling on admin preview endpoints
Modified: 2/4/2026
MEDIUM 6.4 PyPI
GHSA-5286-f2rf-35c2 · CVE-2023-28836, PYSEC-2023-55 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
Modified: 11/19/2024
MEDIUM 6.5 PyPI
GHSA-67rv-mg8q-5pf3 · CVE-2026-44200, PYSEC-2026-149 Wagtail has improper permission handling when copying pages
Modified: 5/20/2026
MEDIUM 4.3 PyPI
GHSA-c4mr-889m-vgf6 · CVE-2026-44198, PYSEC-2026-147 Wagtail has improper permission handling when viewing page history
Modified: 5/20/2026
MEDIUM 6.5 PyPI
GHSA-c6wj-9vcj-75pj · CVE-2026-44197, PYSEC-2026-146 Wagtail has improper permission handling when comparing revisions
Modified: 5/20/2026
LOW 2.7 PyPI
GHSA-fc75-58r8-rm3h · CVE-2023-45809, PYSEC-2023-219 Wagtail vulnerable to disclosure of user names via admin bulk action views
Modified: 2/16/2024
MEDIUM 6.1 PyPI
GHSA-jjjr-3jcw-f8v6 · CVE-2020-11037, PYSEC-2020-153 Potential Observable Timing Discrepancy in Wagtail
Modified: 3/13/2026
MEDIUM 6.5 PyPI
GHSA-jmp3-39vp-fwg8 · CVE-2024-39317, PYSEC-2024-86 Wagtail regular expression denial-of-service via search query parsing
Modified: 11/19/2024
MEDIUM 6.1 PyPI
GHSA-p4v8-rw59-93cq · CVE-2026-28223 Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface
Modified: 3/5/2026
MEDIUM 6.1 PyPI
GHSA-p5cm-246w-84jm · CVE-2026-28222 Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes
Modified: 3/5/2026
MEDIUM 5.3 PyPI
GHSA-p5gm-92h4-6pv6 · CVE-2026-44201, PYSEC-2026-150 Wagtail has improper restriction handling on Documents and Images API
Modified: 5/20/2026
MEDIUM 6.5 PyPI
GHSA-pwm3-7fv4-g6xx · CVE-2026-44199, PYSEC-2026-148 Wagtail has improper permission handling when deleting form submissions
Modified: 5/20/2026
MEDIUM 5.8 PyPI
GHSA-v2wc-pfq2-5cm6 · CVE-2020-11001, PYSEC-2020-152 Possible XSS attack in Wagtail
Modified: 3/13/2026
LOW 2.7 PyPI
GHSA-w2v8-php4-p8hc · CVE-2024-32882 Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Modified: 5/2/2024
MEDIUM 6.1 PyPI
GHSA-wq5h-f9p5-q7fx · CVE-2021-29434, PYSEC-2021-114 Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
Modified: 3/13/2026
MEDIUM 5.4 PyPI
GHSA-xfrw-hxr5-ghqf · CVE-2021-32681, PYSEC-2021-103 Cross-site Scripting in wagtail
Modified: 3/13/2026
LOW 3.5 PyPI
GHSA-xqxm-2rpm-3889 · CVE-2022-21683, PYSEC-2022-13 Comment reply notifications sent to incorrect users
Modified: 11/19/2024
MEDIUM 5.5 PyPI
GHSA-xxfm-vmcf-g33f · CVE-2024-35228 Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Modified: 6/2/2024