Information Exposure Affecting gramps-webapi package, versions [,3.11.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Information Exposure vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-PYTHON-GRAMPSWEBAPI-16321423
- published29 Apr 2026
- disclosed9 Apr 2026
- creditUnknown
Introduced: 9 Apr 2026
CVE NOT AVAILABLE CWE-200 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade gramps-webapi to version 3.11.0 or higher.
Overview
gramps-webapi is an A RESTful web API for the Gramps genealogical database.
Affected versions of this package are vulnerable to Information Exposure in the iter_*() process. An attacker can access private sub-object data attached to otherwise-public objects by querying list API endpoints as a user with the Guest role. This is only exploitable if sub-objects have been explicitly marked private in the desktop application and then synced or imported into the web application.