CVE-2025-53865 – roundup
Package
Manager: pip
Name: roundup
Vulnerable Version: >=0 <2.5.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
EPSS: 0.00037 (percentile: 0.09896)
Details
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates. In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
Metadata
Created: 2025-07-13T21:30:31Z
Modified: 2025-07-14T20:53:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-qxh9-qmf2-rhwc/GHSA-qxh9-qmf2-rhwc.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-qxh9-qmf2-rhwc
Finding: F008
Auto approve: 1