Security: wagtail/wagtail
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Regular expression denial-of-service via search query parsing (GHSA-jmp3-39vp-fwg8), published Jul 11, 2024 by gasman. Severity: Moderate
- Improper Handling of Insufficient Permissions in `wagtail.contrib.settings` (GHSA-xxfm-vmcf-g33f), published May 30, 2024 by laymonage. Severity: Moderate
- Permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet` (GHSA-w2v8-php4-p8hc), published May 1, 2024 by gasman. Severity: Low
- Disclosure of user names via admin bulk action views (GHSA-fc75-58r8-rm3h), published Oct 19, 2023 by gasman. Severity: Low
- Denial-of-service via memory exhaustion when uploading large files (GHSA-33pv-vcgh-jfg9), published Apr 3, 2023 by gasman. Severity: Moderate
- Stored XSS attack via ModelAdmin views (GHSA-5286-f2rf-35c2), published Apr 3, 2023 by gasman. Severity: Moderate
- Comment reply notifications sent to incorrect users (GHSA-xqxm-2rpm-3889), published Jan 18, 2022 by gasman. Severity: Low
- Improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks (GHSA-xfrw-hxr5-ghqf), published Jun 17, 2021 by gasman. Severity: Moderate
- Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields (GHSA-wq5h-f9p5-q7fx), published Apr 19, 2021 by gasman. Severity: Moderate
- HTML injection through form field help text (GHSA-2473-9hgq-j7xw), published Jul 20, 2020 by gasman. Severity: Moderate