wagtail — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting wagtail. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wagtail is a Django-based content management system (CMS) for building websites. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, privilege escalation, and information disclosure. Its security posture has been affected by improper input validation, insecure default configurations, and insufficient access controls. While no major public security incidents have been widely documented, the 15 CVEs on record show recurring problems, particularly in user input handling and permission management. Organizations deploying Wagtail should prioritize regular updates and harden their configurations against common web application threats.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28222 | Wagtail: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes | wagtail | CWE-79 | 6.1 | Medium | 2026-03-05 |
| CVE-2026-28223 | Wagtail: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface | wagtail | CWE-79 | 6.1 | Medium | 2026-03-05 |
| CVE-2026-25517 | Wagtail has improper permission handling on admin preview endpoints | wagtail | CWE-862 | 5.3 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2024-39317 | Wagtail regular expression denial-of-service via search query parsing | wagtail | CWE-1333 | 6.5 | Medium | 2024-07-11 |
| CVE-2024-35228 | Improper Handling of Insufficient Permissions in Wagtail | wagtail | CWE-280 | 5.5 | Medium | 2024-05-30 |
| CVE-2024-32882 | Permission check bypass when editing a model with per-field restrictions in wagtail | wagtail | CWE-280 | 2.7 | Low | 2024-05-02 |
| CVE-2023-45809 | Disclosure of user names via admin bulk action views in wagtail | wagtail | CWE-200 | 2.7 | Low | 2023-10-19 |
| CVE-2023-28837 | Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files | wagtail | CWE-400 | 4.9 | Medium | 2023-04-03 |
| CVE-2023-28836 | Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views | wagtail | CWE-79 | 6.4 | Medium | 2023-04-03 |
| CVE-2022-21683 | Comment reply notifications sent to incorrect users in wagtail | wagtail | CWE-200 | 3.5 | Low | 2022-01-18 |
| CVE-2021-32681 | Improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks | wagtail | CWE-79 | 5.4 | Medium | 2021-06-17 |
| CVE-2021-29434 | Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields | wagtail | CWE-79 | 6.1 | Medium | 2021-04-19 |
| CVE-2020-15118 | Cross-Site Scripting in Wagtail | wagtail | CWE-79 | 5.7 | Medium | 2020-07-20 |
| CVE-2020-11037 | Potential Observable Timing Discrepancy in Wagtail | Wagtail | CWE-208 | 6.1 | Medium | 2020-04-30 |
| CVE-2020-11001 | Possible XSS attack in Wagtail | wagtail | CWE-80 | 5.8 | Medium | 2020-04-14 |

This page lists every published CVE security advisory associated with wagtail. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.