Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1xeGg5LXFtZjItcmh3Y84ABKFq

Moderate EPSS: 0.00032% (0.07441 Percentile) EPSS:
Permalink JSON

Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates

Affected Packages Affected Versions Fixed Versions
pypi:roundup < 2.5.0 2.5.0
0 Dependent packages
3 Dependent repositories
275 Downloads last month

Affected Version Ranges

All affected versions

0.5.9, 0.6.8, 0.6.9, 0.6.11, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.7, 0.7.8, 0.7.9, 0.7.11, 0.7.12, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 1.0.1, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.17, 1.4.18, 1.4.19, 1.4.20, 1.4.21, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0

All unaffected versions

2.5.0

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).

References:

Identifiers

GHSA-qxh9-qmf2-rhwc

CVE-2025-53865

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00032

EPSS Percentile: 0.07441

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/roundup-tracker/roundup

Date and time

Published

16 days ago

Updated

15 days ago

API

JSON