Vulnerability Database

296,760

Total vulnerabilities in the database

CVE-2024-39303

Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.

Published: Jul 1, 2024
Updated: May 4, 2025
CVE: CVE-2024-39303
GHSA: GHSA-jfgp-674x-6q4p
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-73

Affected Software
References

Software	From	Fixed in
Weblate	4.14	5.6.2
weblate / weblate	4.14	5.6.2

https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo