Weblate Security Vulnerabilities (CVEs)
Track 15 security vulnerabilities affecting Weblate products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Weblate versions before 5.16.0 have an argument injection vulnerability in the SSH management console when adding SSH host keys. This allows attackers...
Feb 19, 2026

This vulnerability in the Weblate command-line client (wlc) allows a malicious Weblate server to write files to arbitrary locations on a client's syst...
Jan 16, 2026

CVE-2026-21889 is an improper access control vulnerability in Weblate where screenshot images were served directly by the HTTP server without authenti...
Jan 14, 2026

CVE-2026-22250 is a vulnerability in the wlc Weblate command-line client where SSL certificate verification can be bypassed for certain crafted URLs. ...
Jan 12, 2026

CVE-2026-22251 is a vulnerability in the wlc Weblate command-line client where unscoped API keys could be inadvertently leaked to different servers. T...
Jan 12, 2026

This vulnerability in Weblate allows remote attackers to overwrite Git configuration settings, potentially altering Git behavior and enabling further ...
Dec 18, 2025

This vulnerability in Weblate allows attackers to read arbitrary files from the server file system by exploiting crafted symbolic links in repositorie...
Dec 18, 2025

CVE-2025-67715 is an information disclosure vulnerability in Weblate that allows unauthorized API access to user notification settings and user lists....
Dec 16, 2025

This vulnerability in Weblate allows attackers to trigger excessive repository updates via malicious webhook payloads, potentially causing denial of s...
Dec 16, 2025

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Weblate's Create Component functionality. When using the Mercurial version co...
Dec 16, 2025

This vulnerability in Weblate allows one user to accept an invitation that was opened by another user, potentially leading to unauthorized access or p...
Dec 15, 2025

Weblate versions 5.14 and below expose the IP address of project administrators in audit logs when inviting users to projects. This information leakag...
Nov 6, 2025

This CVE describes an open redirect vulnerability in Weblate versions 5.13.2 and below when configured with Anubis and REDIRECT_DOMAINS is not set. At...
Oct 1, 2025

Weblate versions before 5.12 lack rate limiting on second-factor authentication endpoints, allowing attackers with valid credentials to automate OTP g...
Jun 16, 2025

CVE-2022-23915 is a remote code execution vulnerability in Weblate, a web-based translation management system. Authenticated users can inject argument...
Mar 4, 2022

Why Monitor Weblate Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 15+ known vulnerabilities affecting Weblate products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Weblate packages in under 60 seconds. No agents required - completely agentless scanning that works across Weblate deployments.
Free vulnerability database: Access detailed information about every Weblate CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Weblate CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions