VYPR

PyPI package

beets

pkg:pypi/beets

Vulnerabilities (1)

  • CVE-2026-42052MedMay 4, 2026
    affected < 2.10.0fixed 2.10.0

    Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ... %> is raw insertion and HTML escaping is only performed by <%- ... %>. Rendered