📦 Weblate
by Weblate
⚠️ Known Vulnerabilities
This vulnerability in Weblate allows remote attackers to overwrite Git configuration settings, potentially altering Git behavior and enabling further attacks. It affects all Weblate instances running ...
This vulnerability in Weblate allows one user to accept an invitation that was opened by another user, potentially leading to unauthorized access or privilege escalation. All Weblate instances running...
CVE-2026-21889 is an improper access control vulnerability in Weblate where screenshot images were served directly by the HTTP server without authentication checks. This allows unauthenticated attacke...
This vulnerability in Weblate allows attackers to read arbitrary files from the server file system by exploiting crafted symbolic links in repositories. It affects all Weblate installations prior to v...
CVE-2022-23915 is a remote code execution vulnerability in Weblate, a web-based translation management system. Authenticated users can inject arguments when using git or mercurial repositories, allowi...
Weblate versions before 5.16.0 have an argument injection vulnerability in the SSH management console when adding SSH host keys. This allows attackers to execute arbitrary commands on the server if th...
CVE-2025-67715 is an information disclosure vulnerability in Weblate that allows unauthorized API access to user notification settings and user lists. This affects all Weblate instances running versio...
This vulnerability in Weblate allows attackers to trigger excessive repository updates via malicious webhook payloads, potentially causing denial of service through resource exhaustion. It affects all...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Weblate's Create Component functionality. When using the Mercurial version control system, attackers can supply malicious repos...
This CVE describes an open redirect vulnerability in Weblate versions 5.13.2 and below when configured with Anubis and REDIRECT_DOMAINS is not set. Attackers can craft malicious URLs that redirect use...
Weblate versions before 5.12 lack rate limiting on second-factor authentication endpoints, allowing attackers with valid credentials to automate OTP guessing. This affects all Weblate instances using ...
Weblate versions 5.14 and below expose the IP address of project administrators in audit logs when inviting users to projects. This information leakage allows invited users to view the IP addresses of...