wagtail
PyPI18 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting wagtailpage 1 of 1
- CVE-2020-11001MEDIUMCVSS 5.8EG 5.8✓ Fixed in 2.7.22020-04-14
vulnerable: 1.9 ... 2.7.1 (56 versions)
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin co…
- CVE-2020-11037MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.7.32020-04-30
vulnerable: 2.7, 2.7.1, 2.7.2, 2.8, 2.8.1
In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-b…
- CVE-2020-15118MEDIUMCVSS 5.7EG 5.7✓ Fixed in 2.9.32020-07-20
vulnerable: 2.7 ... 2.9.2 (7 versions)
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p…
- CVE-2021-29434MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.12.42021-04-19
vulnerable: 0.1 ... 2.12.3 (142 versions)
Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. …
- CVE-2021-32681MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.11.82021-06-17
vulnerable: 0.1 ... 2.9rc1 (146 versions)
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is us…
- CVE-2022-21683LOWCVSS 3.5EG 3.5✓ Fixed in 2.15.22022-01-18
vulnerable: 2.13 ... 2.15rc2 (14 versions)
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, …
- CVE-2023-28836MEDIUMCVSS 6.4EG 6.4✓ Fixed in 4.1.42023-04-03
vulnerable: 1.10 ... 4.2.1 (157 versions)
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin inter…
- CVE-2023-28837MEDIUMCVSS 4.9EG 4.9✓ Fixed in 4.1.42023-04-03
vulnerable: 0.1 ... 4.2.1 (198 versions)
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded …
- CVE-2023-45809LOWCVSS 2.7EG 2.7✓ Fixed in 5.1.32023-10-19
vulnerable: 0.1 ... 5.1.2 (215 versions)
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While au…
- CVE-2024-32882LOWCVSS 2.7EG 2.7✓ Fixed in 6.0.32024-05-02
vulnerable: 6.0, 6.0.1, 6.0.2
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `Fie…
- CVE-2024-35228MEDIUMCVSS 5.5EG 5.5✓ Fixed in 6.1.22024-05-30
vulnerable: 6.1, 6.1.1
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the `wagtail.contrib.settings` module, a user with access to the Wagtail admin and knowledge of the URL of the edit view …
- CVE-2024-39317MEDIUMCVSS 6.5EG 6.5✓ Fixed in 5.2.62024-07-11
vulnerable: 2.0 ... 6.1.2 (155 versions)
Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characte…
- CVE-2026-25517LOWCVSS 2.7EG 2.7✓ Fixed in 6.3.62026-02-04
vulnerable: 0.1 ... 6.3rc2 (258 versions)
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge o…
- CVE-2026-44197MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.3.22026-05-11
vulnerable: 0.1 ... 7.3rc1 (285 versions)
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primar…
- CVE-2026-44198MEDIUMCVSS 4.3EG 4.3✓ Fixed in 7.3.22026-05-11
vulnerable: 0.1 ... 7.3rc1 (285 versions)
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of s…
- CVE-2026-44199MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.3.22026-05-11
vulnerable: 0.1 ... 7.3rc1 (285 versions)
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submissio…
- CVE-2026-44200MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.3.22026-05-11
vulnerable: 0.1 ... 7.3rc1 (285 versions)
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be …
- CVE-2026-44201MEDIUMCVSS 5.3EG 5.3✓ Fixed in 7.3.22026-05-11
vulnerable: 0.1 ... 7.3rc1 (285 versions)
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and nam…
Check whether wagtail is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for wagtail CVEs against the assets you own.
Start Free Scan →