5 matches found
EUVD-2021-28306
Malicious code in bioql PyPI...
CVE-2021-21319
Galette is a membership management web application geared towards non-profit organizations. In versions prior to 0.9.5, malicious JavaScript code can be stored to be displayed later on the self subscription page. The self subscription feature can be disabled as a workaround; this is the default state...
CVE-2024-24761
Galette is a membership management web application for non-profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are by default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to...
UBUNTU-CVE-2021-41260
Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue...
Galette Cross-Site Scripting Vulnerability
Galette is an open source membership management web application for non-profit organizations. Galette suffers from a cross-site scripting vulnerability in versions prior to 0.9.5 that stems from a lack of checksum filtering of user-supplied and output data. An attacker could store malicious...