29 matches found

vulnersOsv
added 2026/03/05 6:30 a.m. | 2 views

aleksis (>=2022.6.0.post0 <=2023.6.1), aleksis-app-alsijil (>=2.0.0 <=3.0.1) +98 more potentially affected by CVE-2026-27982 via django-allauth (>=0.24.1 <=65.13.1)

django-allauth PYPI version =0.24.1, =2022.6.0.post0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =1.0.0.dev0, =0.1.0, =2.0.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =0.1.1, =2.0.0.dev0, =2.0.0.dev2 and more Source cves: CVE-2026-27982 Source advisory: OSV:GHSA-2JPR-83RG-V67J...

CVSS 6.1 | AI score 5.8 | EPSS 0.00036
Exploits: 0

vulnersOsv
added 2026/01/19 3:48 p.m. | 2 views

actpdf (>=0.1.0 <=0.12.0), agenticmem (>=0.1.4.1 <=0.1.5.0) +212 more potentially affected by CVE-2025-68616 via weasyprint (>=0.28.0 <=67.0.0)

weasyprint PYPI version =0.28.0, =0.1.0, =0.1.4.1, =0.5.0, =0.1.1, =0.1.1, =0.1.0, =0.5.0, =0.3.18, =1.1.0, =0.1.0, =0.1.5 and more Source cves: CVE-2025-68616 Source advisory: SNYK:PYTHON-WEASYPRINT-15035957...

CVSS 7.5 | AI score 5.4 | EPSS 0.00022
Exploits: 2

vulnersOsv
added 2025/12/15 3:30 p.m. | 0 views

aleksis (>=2022.6.0.post0 <=2023.6.1), aleksis-app-alsijil (>=2.0.0 <=3.0.1) +97 more potentially affected by CVE-2025-65430 via django-allauth (>=0.24.1 <=65.12.1)

django-allauth PYPI version =0.24.1, =2022.6.0.post0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =1.0.0.dev0, =0.1.0, =2.0.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =0.1.1, =2.0.0.dev0, =2.0.0.dev2 and more Source cves: CVE-2025-65430 Source advisory: OSV:GHSA-QHMC-3MVR-F2J4...

CVSS 5.4 | AI score 5.8 | EPSS 0.00039
Exploits: 0

vulnersOsv
added 2025/12/15 2:15 p.m. | 5 views

aleksis (>=2022.6.0.post0 <=2023.6.1), aleksis-app-alsijil (>=2.0.0 <=3.0.1) +97 more potentially affected by CVE-2025-65431 via django-allauth (>=0.24.1 <=65.12.1)

django-allauth PYPI version =0.24.1, =2022.6.0.post0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =1.0.0.dev0, =0.1.0, =2.0.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =0.1.1, =2.0.0.dev0, =2.0.0.dev2 and more Source cves: CVE-2025-65431 Source advisory: OSV:PYSEC-2025-111...

CVSS 5.4 | AI score 5.8 | EPSS 0.00039
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-7678

Malicious code in bioql PyPI...

CVSS 5.6 | AI score 6.6 | EPSS 0.00099
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5974

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00274
Exploits: 0 | References: 6

vulnersOsv
added 2025/05/27 6:3 p.m. | 0 views

aldryn-django-cms (=3.5.3.2), aleksis (>=1.0.0a4.dev0 <=2023.1.0.dev0) +43 more potentially affected by CVE-2025-48383 via django-select2 (>=4.3.2 <=8.2.4)

django-select2 PYPI version =4.3.2, =1.0.0a4.dev0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =0.1.0, =2.0.0, =2.0.0, =2.0.0, =0.1.1, =2.0.0, =2.2.0 and more Source cves: CVE-2025-48383 Source advisory: OSV:GHSA-WJRH-HJ83-3WH7...

CVSS 8.2 | AI score 5.8 | EPSS 0.00294
Exploits: 0

RedhatCVE
added 2025/05/22 10:9 p.m. | 4 views

CVE-2022-29773

An access control issue in aleksis/core/util/authhelpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...

CVSS 6.5 | AI score 6.9 | EPSS 0.00274
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/15 7:7 a.m. | 5 views

CVE-2025-25683

AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...

CVSS 5.6 | AI score 6.8 | EPSS 0.00099
Exploits: 0 | References: 1

NVD
added 2025/03/12 5:15 p.m. | 4 views

CVE-2025-25683

AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...

CVSS 5.6 | EPSS 0.00099
Exploits: 0 | References: 2

Snyk
added 2025/03/12 4:44 p.m. | 2 views

Files or Directories Accessible to External Parties

Overview: aleksis-core is the core of the AlekSIS framework and the official distribution. It bundles functionality for all apps, and utilities for developers and administrators. Affected versions of this package are vulnerable to Files or Directories Accessible to External...

CVSS 8.7 | AI score 6.8 | EPSS 0.00099
Exploits: 0 | References: 2

vulnersOsv
added 2025/03/12 4:44 p.m. | 0 views

aleksis (>=2023.1.0b0 <=2023.6.0b1), aleksis-app-alsijil (>=2.0.0a3 <=2.0c7_0) +9 more potentially affected by CVE-2025-25683 via aleksis-core (>=3.0.0 <=3.0.0b3)

aleksis-core PYPI version =3.0.0, =2023.1.0b0, =2.0.0a3, =1.0.7.dev0, =2.0.0b0, =2.0.0b0, =2.0.0b0, =2.0.0b0, =2.0.0a1, =1.0.0, =2.0.0b0, =2.1.0.dev1 Source cves: CVE-2025-25683 Source advisory: SNYK:PYTHON-ALEKSISCORE-9486554...

CVSS 5.6 | AI score 5.8 | EPSS 0.00099
Exploits: 0

Vulnrichment
added 2025/03/12 12:0 a.m. | 5 views

CVE-2025-25683

AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...

AI score 5.6 | EPSS 0.00099
Exploits: 0 | References: 2

Cvelist
added 2025/03/12 12:0 a.m. | 11 views

CVE-2025-25683

AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...

EPSS 0.00099
Exploits: 0 | References: 2

CNNVD
added 2025/03/12 12:0 a.m. | 1 views

AlekSIS-Core security vulnerability

AlekSIS-Core is a school information system from AlekSIS, Inc. A security vulnerability exists in AlekSIS-Core versions 3.0 through 3.2.1, which stems from improperly controlled access and could result in unauthorized access to PDF files...

CVSS 5.6 | AI score 6.2 | EPSS 0.00099
Exploits: 0 | References: 2

CVE
added 2025/03/12 12:0 a.m. | 54 views

CVE-2025-25683

CVE-2025-25683 affects AlekSIS-Core versions 3.0–3.2.1, with an underlying Incorrect Access Control that allows unauthenticated users to access all PDF files. Exploitation details are not provided in the documents, but multiple sources confirm the vulnerability and affected ranges. Remediation (w...

CVSS 5.6 | AI score 7 | EPSS 0.00099
Exploits: 0 | References: 2

vulnersOsv
added 2025/01/01 6:30 a.m. | 3 views

aleksis (>=2025.1.0 <=2025.1.1), aleksis-app-alsijil (>=4.0.0 <=4.0.0.dev9) +143 more potentially affected by unknown CVE via django-allauth (>=65.0.1 <=65.2.0)

django-allauth PYPI version =65.0.1, =2025.1.0, =4.0.0, =3.0.0.dev0, =4.0.0, =4.0.0, =0.1.0.dev0, =4.0.0, =3.0.0.dev0, =4.0.0.dev0, =4.0.0, =0.1.0.dev0, =0.3.0, =4.0.0, =0.1.0.dev1, =3.0.0, =3.0.0.dev0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DJANGOALLAUTH-8600545...

AI score 5.5
Exploits: 0

Veracode
added 2022/06/06 3:3 a.m. | 28 views

Privilege Escalation

AlekSIS-Core is vulnerable to privilege escalation. Lack of disabling of the oauthrequest.client.allowedscopes field in aleksis/core/util/authhelpers.py: ClientProtectedResourceMixin allows an attacker to access the system with arbitrary scopes...

CVSS 6.5 | AI score 6.4 | EPSS 0.00274
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2022/06/04 12:0 a.m. | 28 views

Access control issue in AlekSIS-Core

An access control issue in aleksis/core/util/authhelpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...

CVSS 6.5 | AI score 6.4 | EPSS 0.00274
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2022/06/04 12:0 a.m. | 18 views

GHSA-76X2-H8H3-CWJG Access control issue in AlekSIS-Core

An access control issue in aleksis/core/util/authhelpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...

CVSS 6.5 | AI score 6.5 | EPSS 0.00274
Exploits: 0 | References: 6