weblate vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package | Summary |
| --- | --- | --- | --- |
| CVE-2025-66407 | Medium | Weblate | Weblate has a Server-Side Request Forgery issue |
| CVE-2026-45106 | Medium | weblate | Weblate: Stored HTML injection in editor search preview |
| CVE-2026-44264 | Medium | weblate | Weblate vulnerable to XSS via crafted Markdown |
| CVE-2026-44263 | Medium | weblate | Weblate Vulnerable to Private Translation Enumeration via Screenshot API |
| CVE-2026-41654 | Medium | weblate | Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url |
| CVE-2026-41519 | Medium | weblate | Weblate Doesn't Invalidate API Token on Password Change |
| CVE-2026-40256 | Medium | weblate | Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision |
| CVE-2026-39845 | Medium | weblate | Weblate: SSRF via the webhook add-on using unprotected fetch_url() |
| CVE-2026-34393 | High | weblate | Weblate: Privilege escalation in the user API endpoint |
| CVE-2026-34244 | Medium | weblate | Weblate: SSRF via Project-Level Machinery Configuration |
| CVE-2026-34242 | High | weblate | Weblate: Arbitrary File Read via Symlink |
| CVE-2026-33440 | Medium | weblate | Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads |
| CVE-2026-33435 | High | weblate | Weblate: Remote code execution during backup restoration |
| CVE-2026-33220 | Medium | weblate | Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository |
| CVE-2026-33214 | Medium | weblate | Weblate: Improper access control for the translation memory in API |
| CVE-2026-33212 | Low | weblate | Weblate: Improper access control for pending tasks in API |
| CVE-2026-27457 | Medium | weblate | Weblate: Missing access control for the AddonViewSet API exposes all addon configurations |
| CVE-2026-24126 | Medium | Weblate | Weblate has an argument injection in management console |
| CVE-2026-21889 | Low | weblate | Weblate leaks information via screenshots |
| CVE-2025-68398 | Critical | Weblate | Weblate is vulnerable to RCE through Git config file overwrite |
| CVE-2025-68279 | High | Weblate | Weblate has an arbitrary file read via symbolic links |
| CVE-2025-67715 | Medium | Weblate | Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) |
| CVE-2025-67492 | Medium | Weblate | Weblate's over-permissive webhook endpoint enables mass repository updates and component enumeration |
| CVE-2025-64725 | Low | Weblate | Weblate has improper validation upon invitation acceptance |
| CVE-2025-64326 | Low | weblate | Weblate leaks the IP of project member inviting user to be reviewer in Audit log |
