17 Total advisories
17 Vulnerabilities
0 Malware
Vulnerabilities
HIGH 8.8
CVE-2023-38759
MEDIUM 5.4
CVE-2023-38758
HIGH 8.5
GHSA-mw8f-w6p8-xrf4
wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None
HIGH 8.1
CVE-2026-43978
wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager
HIGH 7.5
CVE-2026-43977
wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API
CRITICAL 9.9
CVE-2026-43948
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
MEDIUM 6.5
GHSA-v25j-wqcw-fvhj
wger has an Uncontrolled Resource Consumption issue
HIGH 7.4
GHSA-xq9m-hmp9-fw87
wger: CSV/TSV formula injection in gym member export (first_name/last_name)
MEDIUM 5.4
GHSA-vqv8-j3mj-wjxj
wger: trainer_login open redirect - ?next= parameter not validated against host
HIGH 7.6
CVE-2026-40474
wger has Broken Access Control in Global Gym Configuration Update Endpoint
MEDIUM 5.4
CVE-2026-40353
wger has Stored XSS via Unescaped License Attribution Fields
MEDIUM 4.3
CVE-2026-27835
wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data
LOW 3.1
CVE-2026-27838
wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
MEDIUM 4.3
CVE-2026-27839
wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
HIGH 8.8
CVE-2023-38759
wger Workout Manager Cross-Site Request Forgery vulnerability
MEDIUM 5.4
CVE-2023-38758
wger Workout Manager Cross-site Scripting vulnerability
CRITICAL 9.8
CVE-2022-2650
wger vulnerable to brute force attempts