Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

pretix — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting pretix. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pretix is an open-source event ticketing platform used for selling tickets and managing event registrations. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control issues. The platform has faced security incidents, including a 2020 vulnerability allowing unauthorized access to event data. Pretix maintains regular security updates but remains susceptible to common web application flaws due to its complex functionality. Organizations using Pretix should implement strict access controls and promptly apply security patches to mitigate risks associated with its 10 documented CVEs.

CVE IDTitleCVSSSeverityPublished
CVE-2026-13602 Session takeover vulnerability — pretixCWE-20--2026-07-01
CVE-2026-13603 SSRF with API key leak in pretix-oppwa — pretix-oppwaCWE-20--2026-07-01
CVE-2026-13350 venueless 授权问题漏洞 — VenuelessCWE-639--2026-06-25
CVE-2026-57532 pretix 跨站脚本漏洞 — pretixCWE-80--2026-06-25
CVE-2026-57533 pretix 跨站脚本漏洞 — pretixCWE-80--2026-06-25
CVE-2026-57535 pretix 跨站脚本漏洞 — pretixCWE-80--2026-06-25
CVE-2026-13225 Stored XSS in ticket confirmation page — pretixCWE-80--2026-06-25
CVE-2026-57534 Stored XSS in pretix-pages — pretix-pagesCWE-80--2026-06-25
CVE-2026-57536 Insufficient validation of payment status in pretix-mollie — pretix-mollieCWE-841--2026-06-25
CVE-2026-13222 Insufficient validation of payment status in pretix-oppwa — pretix-oppwaCWE-841--2026-06-25
CVE-2026-13223 Insufficient validation of payment status in pretix-computop — pretix-computopCWE-841--2026-06-25
CVE-2026-13314 Stored XSS in pretix-digital — pretix-digitalCWE-80--2026-06-25
CVE-2026-12863 Open redirect — VenuelessCWE-601--2026-06-22
CVE-2026-12862 XLSX formula injection in exports — VenuelessCWE-148--2026-06-22
CVE-2026-11764 Data exposed without proper permission — pretixCWE-280--2026-06-09
CVE-2026-9712 Insecure direct object reference — pretixCWE-639--2026-05-27
CVE-2026-5600 pretix 安全漏洞 — pretixCWE-653 4.3AIMediumAI2026-04-08
CVE-2026-5599 API allows deletion of users of other instance — VenuelessCWE-653 6.5AIMediumAI2026-04-05
CVE-2026-4982 Unauthorized access to chat contents — VenuelessCWE-20 3.1 -2026-03-27
CVE-2026-2452 Unsafe variable evaluation in email templates — pretix-newsletterCWE-627 7.5AIHighAI2026-02-16
CVE-2026-2451 Unsafe variable evaluation in email templates — pretix-doistepCWE-627 7.5AIHighAI2026-02-16
CVE-2026-2415 Unsafe variable evaluation in email templates — pretixCWE-627 7.5AIHighAI2026-02-16
CVE-2025-14881 Insecure direct object reference — pretixCWE-639 7.5AIHighAI2025-12-19
CVE-2025-14882 Insecure direct object reference — pretix-offlinesalesCWE-639 7.5AIHighAI2025-12-19
CVE-2025-13742 Limited HTML injection in emails — pretix 4.6 -2025-11-27
CVE-2024-8113 Stored XSS in Placeholder Samples in Mail Preview — pretixCWE-79 4.8AIMediumAI2024-08-23

This page lists every published CVE security advisory associated with pretix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.