whoogle-search
PyPI: 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting whoogle-search (page 1 of 1)
- CVE-2022-25303 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 0.7.2 | 2022-07-12
vulnerable: 0.1.0 ... 0.7.1 (18 versions)
The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in th…
- CVE-2024-22203 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.8.4 | 2024-01-23
vulnerable: 0.1.0 ... 0.8.3 (25 versions)
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which …
- CVE-2024-22204 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.8.4 | 2024-01-23
vulnerable: 0.1.0 ... 0.8.3 (25 versions)
Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-…
- CVE-2024-22205 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.8.4 | 2024-01-23
vulnerable: 0.1.0 ... 0.8.3 (25 versions)
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on line…
- CVE-2024-22417 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 0.8.4 | 2024-01-23
vulnerable: 0.1.0 ... 0.8.3 (25 versions)
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which…
- CVE-2024-53305 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 0.9.1 | 2025-04-16
vulnerable: 0.1.0 ... 0.9.0 (27 versions)
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.