galette CVE Vulnerabilities & Metrics

Focus on galette vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About galette Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with galette. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total galette CVEs: 10
Earliest CVE date: 25 Oct 2021, 16:15 UTC
Latest CVE date: 19 Dec 2025, 17:15 UTC

Latest CVE reference: CVE-2025-58053

Rolling Stats

30-day Count (Rolling): 3
365-day Count (Rolling): 5

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 400.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 400.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical galette CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.03

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	8
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS galette CVEs

These are the five CVEs with the highest CVSS scores for galette, sorted by severity first and recency.

CVE-2021-41260 galette Published on 16 Dec 2021, 18:15 UTC (CVSS: 6.8)
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.
CVE-2021-41262 galette Published on 16 Dec 2021, 19:15 UTC (CVSS: 6.5)
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.
CVE-2021-41261 galette Published on 16 Dec 2021, 19:15 UTC (CVSS: 3.5)
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds.
CVE-2021-21319 galette Published on 25 Oct 2021, 16:15 UTC (CVSS: 3.5)
Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This...
CVE-2025-58053 galette Published on 19 Dec 2025, 17:15 UTC (CVSS: 0)
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.

All CVEs for galette

CVE-2025-58053 galette vulnerability CVSS: 0 19 Dec 2025, 17:15 UTC

Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.

CVE-2025-58052 galette vulnerability CVSS: 0 19 Dec 2025, 17:15 UTC

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires privileged access initially, exploitation is restricted to malicious insiders or compromised group managers accounts. Version 1.2.0 fixes the issue.

CVE-2025-53922 galette vulnerability CVSS: 0 19 Dec 2025, 16:15 UTC

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue.

CVE-2025-48884 galette vulnerability CVSS: 0 04 Nov 2025, 21:15 UTC

Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0.

CVE-2025-48076 galette vulnerability CVSS: 0 04 Nov 2025, 21:15 UTC

Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0.

CVE-2024-24761 galette vulnerability CVSS: 0 06 Mar 2024, 18:15 UTC

Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to everyone. Version 1.0.2 fixes this issue.

CVE-2021-41262 galette vulnerability CVSS: 6.5 16 Dec 2021, 19:15 UTC

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.

CVE-2021-41261 galette vulnerability CVSS: 3.5 16 Dec 2021, 19:15 UTC

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds.

CVE-2021-41260 galette vulnerability CVSS: 6.8 16 Dec 2021, 18:15 UTC

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.

CVE-2021-21319 galette vulnerability CVSS: 3.5 25 Oct 2021, 16:15 UTC

Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5.