Homepage

django-tomselect@0.5.1b5 vulnerabilities

Django autocomplete widgets and views using Tom Select

  • latest version

    2025.3.4

  • latest non vulnerable version

    2025.3.4

  • first published

    1 years ago

  • latest version published

    23 days ago

  • licenses detected

  • View django-tomselect package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the django-tomselect package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Improper Encoding or Escaping of Output

    django-tomselect is a Django autocomplete widgets and views using Tom Select

    Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in form widget input, including the label_field parameter. An attacker can hide the contents between <script> tags in code from appearing in the output, since the browser may interpret and render the tags. Although injected, such scripts are not executed.

    How to fix Improper Encoding or Escaping of Output?

    Upgrade django-tomselect to version 2025.3.3 or higher.

    [,2025.3.3)
    Go back to all versions of this package