Information Exposure Affecting gramps-webapi package, versions [,3.11.0)

Q: How to fix?

Upgrade gramps-webapi to version 3.11.0 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PYTHON-GRAMPSWEBAPI-16321423
published29 Apr 2026
disclosed9 Apr 2026
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 9 Apr 2026

CWE-200 (opens in a new tab)

How to fix?

Upgrade gramps-webapi to version 3.11.0 or higher.

Overview

gramps-webapi is an A RESTful web API for the Gramps genealogical database.

Affected versions of this package are vulnerable to Information Exposure in the iter_*() process. An attacker can access private sub-object data attached to otherwise-public objects by querying list API endpoints as a user with the Guest role. This is only exploitable if sub-objects have been explicitly marked private in the desktop application and then synced or imported into the web application.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
Low
Integrity (VI)
None
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None