Is tendenci affected by CVE-2020-36962?

PyPI tendenci is affected in <12.3.2.

Is CVE-2020-36962 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 10.7%.

medium

CVE-2020-36962

Q: Is CVE-2020-36962 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 10.7%.

PyPI · tendenci

Summary

Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field

Severity: medium
EPSS: 10.7% (p95)
Also known as: GHSA-4q3w-jgfx-4792, PYSEC-2026-136
Published: 2026-01-28

References

https://nvd.nist.gov/vuln/detail/CVE-2020-36962
https://github.com/tendenci/tendenci/commit/3e37622cac81440c5a1f97c39f112a2cf4a5450c
https://github.com/pypa/advisory-database/tree/main/vulns/tendenci/PYSEC-2026-136.yaml

Related advisories

CVE-2025-70959 — medium · PyPI/tendenci
CVE-2025-70960 — medium · PyPI/tendenci
CVE-2026-23946 — medium · PyPI/tendenci

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.