pretalx
PyPI · 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pretalx
- CVE-2023-28458 | MEDIUM | CVSS 4.3 | EG 4.3 | Fixed in 2.3.2 | 2023-04-20
  vulnerable: 2.3.1
  pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.
- CVE-2023-28459 | MEDIUM | CVSS 6.5 | EG 6.5 | Fixed in 2.3.2 | 2023-04-20
  vulnerable: 2.3.1
  pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.
- CVE-2026-41241 | HIGH | CVSS 8.7 | EG 8.7 | Fixed in 2026.1.0 | 2026-04-23
  vulnerable: 0.1.0 ... 2025.2.2 (43 versions)
  pretalx is a conference planning tool. Prior to 2026.1.0, the organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. A…
- CVE-2026-41426 | MEDIUM | CVSS 6.1 | EG 6.1 | Fixed in 2026.1.0 | 2026-04-24
  vulnerable: 0.1.0 ... 2025.2.2 (43 versions)
  pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user…