tendenci
PyPI | 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tendenci
- CVE-2020-14942 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 12.0.11 | 2020-06-21
vulnerable: 5.1.0 ... 12.0.10 (671 versions)
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
- CVE-2020-36962 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-01-28
vulnerable: 11.0 ... 7.5.2 (688 versions)
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the…
- CVE-2025-70959 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-02-02
vulnerable: 11.0 ... 7.5.2 (749 versions)
A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
- CVE-2025-70960 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-02-02
vulnerable: 11.0 ... 7.5.2 (749 versions)
A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
- CVE-2026-23946 | MEDIUM | CVSS 6.8 | EG 6.8 | ✓ Fixed in 15.3.12 | 2026-01-22
vulnerable: 11.0 ... 7.5.2 (753 versions)
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by def…