Wger-project Wger
6 CVEs affecting Wger-project Wger. Latest disclosed: 2026-05-12. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-43948 | Critical | 9.9 | 2026-05-12 | wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope… |
| CVE-2026-40474 | High | 7.6 | 2026-04-17 | wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymco… |
| CVE-2026-27839 | Medium | 4.3 | 2026-02-26 | wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three `nutritional_values` action endpoints fetch objects via `Mo… |
| CVE-2026-27835 | Medium | 4.3 | 2026-02-26 | wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, `RepetitionsConfigViewSet` and `MaxRepetitionsConfigViewSet` retu… |
| CVE-2026-27838 | Low | 3.1 | 2026-02-26 | wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling `self.get_object()`. In versions up… |
| CVE-2026-40353 | | | 2026-04-17 | wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by di… |