Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17.
Analysis
Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17.
Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter o
Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limi
The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when u
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial
Weblate versions prior to 5.15.2 expose screenshot images through the web server without authentication controls, enabli
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpo
Weblate versions up to 5.16.0 contains a vulnerability that allows attackers to an argument injection to `ssh-add` (CVSS
Weblate is a web based localization tool. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Pub
Server-Side Request Forgery in Weblate's VCS_RESTRICT_PRIVATE control (versions 5.15 through pre-2026.6) allows bypassin
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email addres
Weblate is a web based localization tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable,
Weblate is a copyleft software web-based continuous localization system. Rated medium severity (CVSS 5.4), this vulnerab
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23003
GHSA-hv99-mxm5-q397