Browse all 6 CVE security advisories affecting wger-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40474 | wger has Broken Access Control in the Global Gym Configuration Update Endpoint — wgerCWE-284 | 7.6 | High | 2026-04-17 |
| CVE-2026-40353 | wger: Stored XSS via Unescaped License Attribution Fields — wgerCWE-79 | 5.4AI | MediumAI | 2026-04-17 |
| CVE-2026-27839 | wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup — wgerCWE-639 | 4.3 | Medium | 2026-02-26 |
| CVE-2026-27838 | wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data — wgerCWE-639 | 3.1 | Low | 2026-02-26 |
| CVE-2026-27835 | wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data — wgerCWE-639 | 4.3 | Medium | 2026-02-26 |
| CVE-2022-2650 | Improper Restriction of Excessive Authentication Attempts in wger-project/wger — wger-project/wgerCWE-307 | 9.8 | - | 2022-11-24 |
This page lists every published CVE security advisory associated with wger-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.