wger vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.


Browse by ecosystem

npm, PyPI, Maven, Go, RubyGems, Cargo, NuGet, Composer, pub, Swift, GitHub Actions
| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| GHSA-MW8F-W6P8-XRF4 | High | wger: wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None |
| CVE-2026-43978 | High | wger: wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym… |
| CVE-2026-43977 | High | wger: wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via… |
| GHSA-V25J-WQCW-FVHJ | Medium | wger: wger has an Uncontrolled Resource Consumption issue |
| GHSA-VQV8-J3MJ-WJXJ | Medium | wger: wger: trainer_login open redirect - ?next= parameter not validated against host |
| CVE-2026-43948 | Critical | wger: wger: cross-tenant password reset and plaintext disclosure via gym=None bypass |
| GHSA-XQ9M-HMP9-FW87 | High | wger: wger: CSV/TSV formula injection in gym member export (first_name/last_name) |
| CVE-2026-40353 | Medium | wger: wger has Stored XSS via Unescaped License Attribution Fields |
| CVE-2026-40474 | High | wger: wger has Broken Access Control in Global Gym Configuration Update Endpoint |
| CVE-2026-27839 | Medium | wger: wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup |
| CVE-2026-27838 | Low | wger: wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data |
| CVE-2026-27835 | Medium | wger: wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data |
| CVE-2023-38759 | High | wger: wger Workout Manager Cross-Site Request Forgery vulnerability |
| CVE-2023-38758 | Medium | wger: wger Workout Manager Cross-site Scripting vulnerability |
| CVE-2022-2650 | Critical | wger: wger vulnerable to brute force attempts |
