PT-2026-48524
Name of the Vulnerable Software and Affected Versions: Weblate versions 5.15 through 2026.5
Description: Weblate is a web-based localization tool. The VCS RESTRICT PRIVATE setting fails to properly account for certain semi-private IPv4 ranges, multicast addresses, and transitional IPv6 ranges,...
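The gap described in this entry is a general one: an "is this address internal?" check that relies only on a library's notion of "private" misses shared address space (100.64.0.0/10), multicast, and IPv6 addresses that carry an embedded IPv4 address (IPv4-mapped, 6to4, Teredo). The following is an added illustration, not Weblate's code and not a reconstruction of its setting; the naive check, the hardened check, the extra blocked ranges and the sample addresses are all assumptions chosen for this example.

```python
import ipaddress
from typing import Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Ranges the ipaddress module does not report as is_private but which a
# server-side fetcher must still refuse. Hypothetical policy list for this
# example; extend it to whatever your deployment considers non-routable.
EXTRA_BLOCKED_V4 = [
    ipaddress.ip_network("100.64.0.0/10"),  # RFC 6598 shared address space (CGNAT)
    ipaddress.ip_network("0.0.0.0/8"),      # RFC 1122 "this network"
]


def naive_is_internal(addr: str) -> bool:
    """The kind of check that has the gap: only consults is_private."""
    return ipaddress.ip_address(addr).is_private


def unwrap_transitional(ip: IPAddr) -> IPAddr:
    """Reduce IPv4-mapped, 6to4 and Teredo IPv6 addresses to the IPv4 they embed.

    Without this step an attacker can name an internal IPv4 host through an
    IPv6 literal and slip past an IPv4-only blocklist.
    """
    if isinstance(ip, ipaddress.IPv6Address):
        if ip.ipv4_mapped is not None:   # ::ffff:a.b.c.d
            return ip.ipv4_mapped
        if ip.sixtofour is not None:     # 2002:AABB:CCDD::/48 embeds A.B.C.D
            return ip.sixtofour
        if ip.teredo is not None:        # 2001:0::/32 -> (server, client)
            return ip.teredo[1]          # the client address is the real host
    return ip


def hardened_is_internal(addr: str) -> bool:
    """Treat every non-global class of address as internal, after unwrapping."""
    ip = unwrap_transitional(ipaddress.ip_address(addr))
    if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return True
    if isinstance(ip, ipaddress.IPv4Address):
        return any(ip in net for net in EXTRA_BLOCKED_V4)
    return False


if __name__ == "__main__":
    # Constructed sample inputs: the first two pass the naive check, all but the
    # last two are refused by the hardened one.
    for sample in ["100.64.0.1", "224.0.0.1", "::ffff:10.0.0.1", "2002:a00:1::",
                   "2001:0:c000:201::f5ff:fffe", "8.8.8.8", "2001:4860:4860::8888"]:
        print(f"{sample:32} naive={naive_is_internal(sample)!s:5} "
              f"hardened={hardened_is_internal(sample)}")
```

This checks address literals only. A fetcher that accepts hostnames must also resolve the name itself, run every returned A and AAAA record through the same check, and connect to the vetted address rather than re-resolving, or DNS rebinding and redirects will route around the filter.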
PT-2025-51315
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.15
Description: Weblate is a web-based localization tool. Versions prior to 5.15 allowed accepting an invitation opened by a different user.
Recommendations: Update to version 5.15 or later. As a workaround, avoid...
EUVD-2025-18400
Malicious code in bioql PyPI...
EUVD-2025-11008
Malicious code in bioql PyPI...
CVE-2025-49134 Weblate exposes personal IP address via e-mail
Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...
CVE-2025-47951
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
PYSEC-2025-35
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...