weblate
A web-based continuous localization system with tight version control integration
v5.16.2
MODERATE
Weblate has an argument injection in management console
CVE-2026-24126
LOW
HIGH
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
BIT-weblate-2022-23915 · CVE-2022-23915 · CVE-2022-24727 · GHSA-h2g5-2rhx-ffgj · PYSEC-2022-162 · PYSEC-2022-31 · SNYK-PYTHON-WEBLATE-2414088
LOW
Weblate leaks information via screenshots
CVE-2026-21889
MODERATE
LOW
Weblate exposes personal IP address via e-mail
CVE-2025-49134
MODERATE
Weblate lacks rate limiting when verifying second factor
CVE-2025-47951
MODERATE
Cross-site Scripting in Weblate
BIT-weblate-2022-24710 · CVE-2022-24710 · PYSEC-2022-35
CRITICAL
HIGH
Weblate has an arbitrary file read via symbolic links
CVE-2025-68279
MODERATE
Weblate user account enumeration via reset password form
CVE-2017-5537 · PYSEC-2017-42
LOW
LOW
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
CVE-2025-32021 · PYSEC-2025-35
LOW
MODERATE
MODERATE
UNKNOWN
PYSEC-2017-42
CVE-2017-5537 · GHSA-j24g-gm76-j829
UNKNOWN
PYSEC-2022-162
BIT-weblate-2022-23915 · CVE-2022-23915 · CVE-2022-24727 · GHSA-3872-f48p-pxqj · GHSA-h2g5-2rhx-ffgj · PYSEC-2022-31 · SNYK-PYTHON-WEBLATE-2414088
UNKNOWN
PYSEC-2022-31
BIT-weblate-2022-23915 · CVE-2022-23915 · CVE-2022-24727 · GHSA-3872-f48p-pxqj · GHSA-h2g5-2rhx-ffgj · PYSEC-2022-162 · SNYK-PYTHON-WEBLATE-2414088
UNKNOWN
PYSEC-2022-35
BIT-weblate-2022-24710 · CVE-2022-24710 · GHSA-6jp6-9rf9-gc66
UNKNOWN
PYSEC-2025-35
CVE-2025-32021 · GHSA-m67m-3p5g-cw9j
Exclude CI/CDPRO
Best Day
17.0K
Mar 24
Worst Day
192
Mar 21
Peaks On
Tues
8.1K avg
Quietest
Suns
2.9K avg
Download Trend
Badge
Markdown
[](/packages/weblate)
HTML
<a href="/packages/weblate"><img src="/api/badges/weblate?period=month" alt="PyPI Stats"></a>