indico
PyPI7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting indicopage 1 of 1
- CVE-2021-30185HIGHCVSS 7.5EG 7.5✓ Fixed in 2.3.42021-04-07
vulnerable: 0.98-rc1 ... 2.3.3 (67 versions)
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.
- CVE-2023-37901MEDIUMCVSS 5.4EG 5.4✓ Fixed in 3.2.62023-07-21
vulnerable: 0.98-rc1 ... 3.2.5 (83 versions)
Indico is an open source a general-purpose, web based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least…
- CVE-2024-45399MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.3.42024-09-04
vulnerable: 0.98-rc1 ... 3.3.3 (91 versions)
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vul…
- CVE-2024-50633NONECVSS 0.0EG 0.0✓ Fixed in 3.3.32025-01-16
vulnerable: 3.2.9, 3.3, 3.3.1, 3.3.2
A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the pr…
- CVE-2025-53640MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.3.72025-07-14
vulnerable: 2.2 ... 3.3.6 (40 versions)
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (suc…
- CVE-2025-59034MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.3.82025-09-10
vulnerable: 0.98-rc1 ... 3.3.7 (95 versions)
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users with…
- CVE-2025-59035MEDIUMCVSS 4.6EG 4.6✓ Fixed in 3.3.82025-09-10
vulnerable: 0.98-rc1 ... 3.3.7 (95 versions)
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstra…
Check whether indico is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for indico CVEs against the assets you own.
Start Free Scan →