VDB
KO
MEDIUM 6.1

PYSEC-2026-1402

GI-DocGen vulnerable to Reflected XSS via unescaped query strings

Details

A flaw was found in GI-DocGen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS).

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / gi-docgen
Introduced in: 0 Fixed in: 2025.5
Fix pip install --upgrade 'gi-docgen>=2025.5'

References