| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-1v22-g646-wbay |
| vulnerability_id |
VCID-1v22-g646-wbay |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14235 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89145 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89148 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89138 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89132 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89115 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89112 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89098 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89156 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89143 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89089 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14235 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1v22-g646-wbay |
|
| 1 |
| url |
VCID-28g3-ubx6-ebff |
| vulnerability_id |
VCID-28g3-ubx6-ebff |
| summary |
Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1285 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20187 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20125 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20106 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20047 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.19968 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20242 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20754 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20761 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20771 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20824 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1285 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-1285, GHSA-4rrr-2h4v-f3j9
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-28g3-ubx6-ebff |
|
| 2 |
| url |
VCID-2tfv-rtq7-2fg9 |
| vulnerability_id |
VCID-2tfv-rtq7-2fg9 |
| summary |
Django has Observable Timing Discrepancy
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13473 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08681 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08755 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.0873 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08653 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08729 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10648 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10506 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10488 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10623 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13473 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-13473, GHSA-2mcm-79hx-8fxw
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| url |
VCID-2zb9-27sm-3kgh |
| vulnerability_id |
VCID-2zb9-27sm-3kgh |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14232 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86632 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86613 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86594 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86583 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86665 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86646 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86653 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86655 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86642 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86659 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14232 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 46 |
| reference_url |
https://security.gentoo.org/glsa/202004-17 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://security.gentoo.org/glsa/202004-17 |
|
| 47 |
|
| 48 |
|
| 49 |
| reference_url |
https://www.debian.org/security/2019/dsa-4498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://www.debian.org/security/2019/dsa-4498 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2zb9-27sm-3kgh |
|
| 4 |
| url |
VCID-42x9-8c3c-bug1 |
| vulnerability_id |
VCID-42x9-8c3c-bug1 |
| summary |
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-31047 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31306 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31327 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31293 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31331 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31375 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31371 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.3134 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31286 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31467 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31425 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-31047 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2023-31047, CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-42x9-8c3c-bug1 |
|
| 5 |
| url |
VCID-4ztz-fq98-5fh1 |
| vulnerability_id |
VCID-4ztz-fq98-5fh1 |
| summary |
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41164 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.6112 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61025 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61019 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61053 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61113 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61071 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.6109 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61104 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61067 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41164 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2023-41164, CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztz-fq98-5fh1 |
|
| 6 |
| url |
VCID-66w1-4zku-gyfp |
| vulnerability_id |
VCID-66w1-4zku-gyfp |
| summary |
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45452 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52632 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52695 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52688 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.5265 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52666 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52683 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52637 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52586 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.5262 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52593 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52549 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45452 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-jrh2-hc4r-7jwx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-jrh2-hc4r-7jwx |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-45452, CVE-2021-45452, GHSA-jrh2-hc4r-7jwx, PYSEC-2022-3
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-66w1-4zku-gyfp |
|
| 7 |
| url |
VCID-6gss-ppm5-3yc9 |
| vulnerability_id |
VCID-6gss-ppm5-3yc9 |
| summary |
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36359 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73857 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73916 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73907 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73852 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73823 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.7387 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73865 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73873 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73892 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73828 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36359 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2022-36359, CVE-2022-36359, GHSA-8x94-hmjh-97hq, PYSEC-2022-245
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6gss-ppm5-3yc9 |
|
| 8 |
| url |
VCID-7tca-pgcs-cuhd |
| vulnerability_id |
VCID-7tca-pgcs-cuhd |
| summary |
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-41323 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.91977 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.92022 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.92025 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.92011 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.9201 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.92007 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.92003 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.91985 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.91991 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-41323 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2022-41323, CVE-2022-41323, GHSA-qrw5-5h28-6cmg, PYSEC-2022-304
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7tca-pgcs-cuhd |
|
| 9 |
| url |
VCID-7tph-k8q2-bue2 |
| vulnerability_id |
VCID-7tph-k8q2-bue2 |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41991 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75855 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75851 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75815 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75813 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.7582 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75839 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75803 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.7577 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75792 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75759 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41991 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2024-41991, CVE-2024-41991, GHSA-r836-hh6v-rg5g, PYSEC-2024-69
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7tph-k8q2-bue2 |
|
| 10 |
| url |
VCID-896g-hqec-ryb9 |
| vulnerability_id |
VCID-896g-hqec-ryb9 |
| summary |
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61471 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61467 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61428 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61446 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.6146 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61423 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61377 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61407 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61378 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9 |
|
| 11 |
| url |
VCID-8jaq-53td-wbeg |
| vulnerability_id |
VCID-8jaq-53td-wbeg |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19844 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94298 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94351 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94345 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9433 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94289 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94329 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94328 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94324 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9432 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9431 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94309 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19844 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2020/Jan/9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Jan/9 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://usn.ubuntu.com/4224-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4224-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8jaq-53td-wbeg |
|
| 12 |
| url |
VCID-8m4b-y4va-kqgm |
| vulnerability_id |
VCID-8m4b-y4va-kqgm |
| summary |
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43665 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.84423 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.844 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.84404 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86066 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86047 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86046 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86091 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.8603 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86076 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43665 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2023-43665, CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8m4b-y4va-kqgm |
|
| 13 |
| url |
VCID-8qu1-45n9-gyb1 |
| vulnerability_id |
VCID-8qu1-45n9-gyb1 |
| summary |
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1287 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01069 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01067 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01084 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01079 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01072 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01433 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01444 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01443 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01446 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1287 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-1287, GHSA-gvg8-93h5-g6qq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8qu1-45n9-gyb1 |
|
| 14 |
| url |
VCID-8xgs-8xjr-cber |
| vulnerability_id |
VCID-8xgs-8xjr-cber |
| summary |
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-24680 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.8041 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80408 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80379 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80386 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80402 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80383 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80372 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80343 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80355 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80335 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-24680 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2024-24680, CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgs-8xjr-cber |
|
| 15 |
| url |
VCID-9abh-apwm-ebab |
| vulnerability_id |
VCID-9abh-apwm-ebab |
| summary |
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-32873 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37659 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37613 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37641 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37674 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37661 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37647 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37596 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37717 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37692 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-32873 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2025-32873, CVE-2025-32873, GHSA-8j24-cjrq-gr2m, PYSEC-2025-37
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9abh-apwm-ebab |
|
| 16 |
| url |
VCID-9k9t-vp1a-z7bt |
| vulnerability_id |
VCID-9k9t-vp1a-z7bt |
| summary |
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3281 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.36231 |
| scoring_system |
epss |
| scoring_elements |
0.97115 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.36231 |
| scoring_system |
epss |
| scoring_elements |
0.97112 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.36231 |
| scoring_system |
epss |
| scoring_elements |
0.97104 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.36231 |
| scoring_system |
epss |
| scoring_elements |
0.97076 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.36231 |
| scoring_system |
epss |
| scoring_elements |
0.97098 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.36231 |
| scoring_system |
epss |
| scoring_elements |
0.97088 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.36231 |
| scoring_system |
epss |
| scoring_elements |
0.97083 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.36231 |
| scoring_system |
epss |
| scoring_elements |
0.97102 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3281 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-fvgf-6h6h-3322 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-fvgf-6h6h-3322 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-3281, CVE-2021-3281, GHSA-fvgf-6h6h-3322, PYSEC-2021-9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9k9t-vp1a-z7bt |
|
| 17 |
| url |
VCID-9uzd-mmyv-mfh4 |
| vulnerability_id |
VCID-9uzd-mmyv-mfh4 |
| summary |
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00191 |
| scoring_system |
epss |
| scoring_elements |
0.41087 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68747 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68774 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68804 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68818 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68795 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68776 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68724 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00642 |
| scoring_system |
epss |
| scoring_elements |
0.70648 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00642 |
| scoring_system |
epss |
| scoring_elements |
0.7064 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-64459, GHSA-frmv-pr5f-9mcr
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| url |
VCID-a8zx-jamf-cfcm |
| vulnerability_id |
VCID-a8zx-jamf-cfcm |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14234 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95354 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95328 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95335 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95344 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95339 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95346 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95357 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.1952 |
| scoring_system |
epss |
| scoring_elements |
0.95376 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.1952 |
| scoring_system |
epss |
| scoring_elements |
0.95367 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.1952 |
| scoring_system |
epss |
| scoring_elements |
0.95382 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14234 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/advisories/GHSA-6r97-cj55-9hrq |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-6r97-cj55-9hrq |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a8zx-jamf-cfcm |
|
| 19 |
| url |
VCID-c2kc-1jh1-j3ha |
| vulnerability_id |
VCID-c2kc-1jh1-j3ha |
| summary |
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19118 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57769 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57772 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57743 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57762 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57783 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57767 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57764 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57709 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57735 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57713 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00354 |
| scoring_system |
epss |
| scoring_elements |
0.57628 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19118 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-19118, GHSA-hvmf-r92r-27hr, PYSEC-2019-15
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c2kc-1jh1-j3ha |
|
| 20 |
| url |
VCID-c6xy-v4sf-u3hn |
| vulnerability_id |
VCID-c6xy-v4sf-u3hn |
| summary |
Django vulnerable to partial directory traversal via archives
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59682 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05198 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05196 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05251 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05265 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05279 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05314 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05294 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05258 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05234 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05204 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59682 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-59682, GHSA-q95w-c7qg-hrff
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xy-v4sf-u3hn |
|
| 21 |
| url |
VCID-c8s7-3g9m-d3cw |
| vulnerability_id |
VCID-c8s7-3g9m-d3cw |
| summary |
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33571 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09694 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09724 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09841 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09741 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09857 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09893 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09887 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09834 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09762 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09862 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09812 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33571 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-33571, CVE-2021-33571, GHSA-p99v-5w3c-jqq9, PYSEC-2021-99
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c8s7-3g9m-d3cw |
|
| 22 |
| url |
VCID-e2jd-yd4j-kqgt |
| vulnerability_id |
VCID-e2jd-yd4j-kqgt |
| summary |
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46415 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46418 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46361 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.4635 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46379 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46355 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46299 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46351 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46331 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt |
|
| 23 |
| url |
VCID-e87q-1j8h-93hh |
| vulnerability_id |
VCID-e87q-1j8h-93hh |
| summary |
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-56374 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24686 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24537 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24724 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24545 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24532 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24586 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24496 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24567 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24629 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24612 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-56374 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2024-56374, CVE-2024-56374, GHSA-qcgg-j2x8-h9g8, PYSEC-2025-1
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e87q-1j8h-93hh |
|
| 24 |
| url |
VCID-gp5e-nguh-5fdk |
| vulnerability_id |
VCID-gp5e-nguh-5fdk |
| summary |
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87733 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87777 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87778 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87764 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87766 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87771 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.8776 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87754 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87731 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87718 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23833 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2022-23833, CVE-2022-23833, GHSA-6cw3-g6wv-c2xv, PYSEC-2022-20
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gp5e-nguh-5fdk |
|
| 25 |
| url |
VCID-hwa2-n7a2-pyg1 |
| vulnerability_id |
VCID-hwa2-n7a2-pyg1 |
| summary |
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45116 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.5704 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57182 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57186 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57158 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57178 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57199 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57187 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57185 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57135 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57157 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57133 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45116 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-45116, CVE-2021-45116, GHSA-8c5j-9r9f-c6w8, PYSEC-2022-2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| url |
VCID-j4br-4y39-s3gs |
| vulnerability_id |
VCID-j4br-4y39-s3gs |
| summary |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13596 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76945 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.7694 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76898 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76903 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76923 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76896 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76885 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76854 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76872 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76843 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76836 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13596 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-2m34-jcjv-45xf |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-2m34-jcjv-45xf |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4381-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-1 |
|
| 19 |
|
| 20 |
| reference_url |
https://usn.ubuntu.com/4381-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-2 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2020-13596, CVE-2020-13596, GHSA-2m34-jcjv-45xf, PYSEC-2020-32
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j4br-4y39-s3gs |
|
| 27 |
| url |
VCID-jh1e-72hp-fuf4 |
| vulnerability_id |
VCID-jh1e-72hp-fuf4 |
| summary |
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27351 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01855 |
| scoring_system |
epss |
| scoring_elements |
0.82977 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85665 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85642 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85599 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85635 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85624 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85646 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.8565 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85604 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.8567 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27351 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jh1e-72hp-fuf4 |
|
| 28 |
| url |
VCID-jtru-9jmz-kkek |
| vulnerability_id |
VCID-jtru-9jmz-kkek |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14233 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89115 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89156 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89143 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89145 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89148 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89112 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89089 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89098 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89138 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89132 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14233 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jtru-9jmz-kkek |
|
| 29 |
| url |
VCID-kypj-ptb9-8qhz |
| vulnerability_id |
VCID-kypj-ptb9-8qhz |
| summary |
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31542 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.91403 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.91334 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.91378 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.91371 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.91364 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.91352 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.91344 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.9133 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.91405 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.9138 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.06886 |
| scoring_system |
epss |
| scoring_elements |
0.91381 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31542 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-31542, CVE-2021-31542, GHSA-rxjp-mfm9-w4wr, PYSEC-2021-7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kypj-ptb9-8qhz |
|
| 30 |
| url |
VCID-m91a-6235-nye9 |
| vulnerability_id |
VCID-m91a-6235-nye9 |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42005 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55874 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.5587 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55807 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55834 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55852 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55873 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55863 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55809 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.5586 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42005 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2024-42005, CVE-2024-42005, GHSA-pv4p-cwwg-4rph, PYSEC-2024-70
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m91a-6235-nye9 |
|
| 31 |
| url |
VCID-mmay-juu6-5ua9 |
| vulnerability_id |
VCID-mmay-juu6-5ua9 |
| summary |
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-24584 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87147 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87192 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87172 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87175 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87158 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87221 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87216 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87201 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87205 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87211 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.0329 |
| scoring_system |
epss |
| scoring_elements |
0.87199 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-24584 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-fr28-569j-53c4 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-fr28-569j-53c4 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
https://usn.ubuntu.com/4479-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4479-1 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2020-24584, CVE-2020-24584, GHSA-fr28-569j-53c4, PYSEC-2020-34
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mmay-juu6-5ua9 |
|
| 32 |
| url |
VCID-msge-1mfu-7qfa |
| vulnerability_id |
VCID-msge-1mfu-7qfa |
| summary |
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1312 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01069 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01067 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01084 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01079 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01072 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01433 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01444 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01443 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01446 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1312 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-1312, GHSA-6426-9fv3-65x8
|
| risk_score |
3.9 |
| exploitability |
0.5 |
| weighted_severity |
7.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-msge-1mfu-7qfa |
|
| 33 |
| url |
VCID-mux4-uv98-hbbw |
| vulnerability_id |
VCID-mux4-uv98-hbbw |
| summary |
Django vulnerable to SQL injection in column aliases
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59681 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01937 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01962 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01975 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01974 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01991 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01959 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01955 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01935 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59681 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-59681, GHSA-hpr9-3m2g-3j9p
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mux4-uv98-hbbw |
|
| 34 |
| url |
VCID-mzdk-m12w-q3fc |
| vulnerability_id |
VCID-mzdk-m12w-q3fc |
| summary |
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44420 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30929 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.3095 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30919 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30964 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.31007 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.31002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30973 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30915 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30921 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.3105 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.31097 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44420 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-v6rh-hp5x-86rv |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-v6rh-hp5x-86rv |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-44420, CVE-2021-44420, GHSA-v6rh-hp5x-86rv, PYSEC-2021-439
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mzdk-m12w-q3fc |
|
| 35 |
| url |
VCID-nese-5485-hkbs |
| vulnerability_id |
VCID-nese-5485-hkbs |
| summary |
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-23969 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90743 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90732 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90793 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90796 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90777 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.9078 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90771 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90754 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90765 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-23969 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2023-23969, CVE-2023-23969, GHSA-q2jf-h9jm-m7p4, PYSEC-2023-12
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nese-5485-hkbs |
|
| 36 |
| url |
VCID-pa75-6avj-duf7 |
| vulnerability_id |
VCID-pa75-6avj-duf7 |
| summary |
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28346 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83498 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83541 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83547 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83532 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83484 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83522 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83572 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83571 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83536 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28346 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/advisories/GHSA-2gwj-7jmv-h26r |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-2gwj-7jmv-h26r |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2022-28346, CVE-2022-28346, GHSA-2gwj-7jmv-h26r, PYSEC-2022-190
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pa75-6avj-duf7 |
|
| 37 |
| url |
VCID-q12d-kv8p-8ff7 |
| vulnerability_id |
VCID-q12d-kv8p-8ff7 |
| summary |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39329 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37652 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37596 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37615 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37571 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37632 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37676 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37555 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37607 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37619 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37599 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39329 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2024-39329, CVE-2024-39329, GHSA-x7q2-wr7g-xqmf, PYSEC-2024-57
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q12d-kv8p-8ff7 |
|
| 38 |
| url |
VCID-qm34-ec8s-tfd7 |
| vulnerability_id |
VCID-qm34-ec8s-tfd7 |
| summary |
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33203 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55671 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55667 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55629 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55646 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55666 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55489 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55657 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55654 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55603 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55625 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.556 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33203 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qm34-ec8s-tfd7 |
|
| 39 |
| url |
VCID-t6uc-dfrd-jyfg |
| vulnerability_id |
VCID-t6uc-dfrd-jyfg |
| summary |
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/advisories/GHSA-p64x-8rxx-wf6q |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-p64x-8rxx-wf6q |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2022-34265, CVE-2022-34265, GHSA-p64x-8rxx-wf6q, PYSEC-2022-213
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t6uc-dfrd-jyfg |
|
| 40 |
| url |
VCID-th9v-dk98-3kea |
| vulnerability_id |
VCID-th9v-dk98-3kea |
| summary |
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28347 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78088 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78089 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78054 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78057 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78075 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78034 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78017 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78005 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78048 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78043 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28347 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/advisories/GHSA-w24h-v9qh-8gxj |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-w24h-v9qh-8gxj |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2022-28347, CVE-2022-28347, GHSA-w24h-v9qh-8gxj, PYSEC-2022-191
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-th9v-dk98-3kea |
|
| 41 |
| url |
VCID-u3zk-tff2-aua9 |
| vulnerability_id |
VCID-u3zk-tff2-aua9 |
| summary |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39614 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91371 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91334 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91373 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91348 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91349 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91339 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91321 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91314 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91304 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39614 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2024-39614, CVE-2024-39614, GHSA-f6f8-9mx6-9mx2, PYSEC-2024-59
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u3zk-tff2-aua9 |
|
| 42 |
| url |
VCID-u7m5-tzv2-c7hn |
| vulnerability_id |
VCID-u7m5-tzv2-c7hn |
| summary |
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28658 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81101 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81203 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81202 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81165 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81172 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81185 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81166 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.8116 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81133 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81134 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.01505 |
| scoring_system |
epss |
| scoring_elements |
0.81109 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28658 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-xgxc-v2qg-chmh |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-xgxc-v2qg-chmh |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://pypi.org/project/Django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.org/project/Django |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-28658, CVE-2021-28658, GHSA-xgxc-v2qg-chmh, PYSEC-2021-6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u7m5-tzv2-c7hn |
|
| 43 |
| url |
VCID-ukkt-wgau-t3et |
| vulnerability_id |
VCID-ukkt-wgau-t3et |
| summary |
Django is vulnerable to DoS via XML serializer text extraction
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64460 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19807 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22365 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22349 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22405 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22447 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.2237 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22288 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.225 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22425 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.2236 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64460 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-64460, GHSA-vrcr-9hj9-jcg6
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkt-wgau-t3et |
|
| 44 |
| url |
VCID-ume2-wt6y-jye7 |
| vulnerability_id |
VCID-ume2-wt6y-jye7 |
| summary |
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22818 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69424 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.6944 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69492 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69507 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69486 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.6947 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.6942 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69478 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.01009 |
| scoring_system |
epss |
| scoring_elements |
0.77125 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.01009 |
| scoring_system |
epss |
| scoring_elements |
0.77126 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22818 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/advisories/GHSA-95rw-fx8r-36v6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-95rw-fx8r-36v6 |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2022-22818, CVE-2022-22818, GHSA-95rw-fx8r-36v6, PYSEC-2022-19
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ume2-wt6y-jye7 |
|
| 45 |
| url |
VCID-upy5-adtx-n7hg |
| vulnerability_id |
VCID-upy5-adtx-n7hg |
| summary |
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-24583 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87409 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.8748 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87477 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87463 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87466 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87471 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87459 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87453 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87434 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87433 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.03426 |
| scoring_system |
epss |
| scoring_elements |
0.87419 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-24583 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://usn.ubuntu.com/4479-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4479-1 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2020-24583, CVE-2020-24583, GHSA-m6gj-h9gm-gw44, PYSEC-2020-33
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-upy5-adtx-n7hg |
|
| 46 |
| url |
VCID-v1xr-z4zu-yfb4 |
| vulnerability_id |
VCID-v1xr-z4zu-yfb4 |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41989 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80356 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80354 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80327 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80324 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80331 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80316 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80288 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.803 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80279 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41989 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2024-41989, CVE-2024-41989, GHSA-jh75-99hh-qvx9, PYSEC-2024-67
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| url |
VCID-v4ad-xxy8-wfc9 |
| vulnerability_id |
VCID-v4ad-xxy8-wfc9 |
| summary |
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-32052 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85573 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85473 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85568 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85544 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85548 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.8555 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85535 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85526 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85506 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85502 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.02571 |
| scoring_system |
epss |
| scoring_elements |
0.85486 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-32052 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-qm57-vhq3-3fwf |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-qm57-vhq3-3fwf |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-32052, CVE-2021-32052, GHSA-qm57-vhq3-3fwf, PYSEC-2021-8
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| url |
VCID-w2dv-u8h6-sbgs |
| vulnerability_id |
VCID-w2dv-u8h6-sbgs |
| summary |
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7471 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.9279 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92805 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.928 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92796 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92778 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92785 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92786 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92815 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92814 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92804 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7471 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://seclists.org/bugtraq/2020/Feb/30 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Feb/30 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://usn.ubuntu.com/4264-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4264-1 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w2dv-u8h6-sbgs |
|
| 49 |
| url |
VCID-w4pr-k5nj-ckgy |
| vulnerability_id |
VCID-w4pr-k5nj-ckgy |
| summary |
Django is subject to SQL injection through its column aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05549 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05535 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05593 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05798 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05834 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05828 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05868 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-57833, GHSA-6w2r-r2m5-xq5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy |
|
| 50 |
| url |
VCID-w6k8-js68-87g4 |
| vulnerability_id |
VCID-w6k8-js68-87g4 |
| summary |
Multiple vulnerabilities have been found in Python, the worst of
which might allow attackers to access sensitive information. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-23336 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53385 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53379 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53329 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53358 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53374 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53323 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53276 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53342 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00311 |
| scoring_system |
epss |
| scoring_elements |
0.54271 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00311 |
| scoring_system |
epss |
| scoring_elements |
0.54251 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00311 |
| scoring_system |
epss |
| scoring_elements |
0.54301 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-23336 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2021-23336
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w6k8-js68-87g4 |
|
| 51 |
| url |
VCID-wb34-g6xq-rkfx |
| vulnerability_id |
VCID-wb34-g6xq-rkfx |
| summary |
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9402 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99373 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99371 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.9937 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99369 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99368 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99366 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99364 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99363 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9402 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4296-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4296-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2020-9402, CVE-2020-9402, GHSA-3gh2-xw74-jmcw, PYSEC-2020-36
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wb34-g6xq-rkfx |
|
| 52 |
| url |
VCID-wkrc-62bd-bbgx |
| vulnerability_id |
VCID-wkrc-62bd-bbgx |
| summary |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13254 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92472 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92462 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92463 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92461 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92455 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.9245 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92438 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92436 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92427 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92421 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13254 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4381-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-1 |
|
| 19 |
|
| 20 |
| reference_url |
https://usn.ubuntu.com/4381-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-2 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2020-13254, CVE-2020-13254, GHSA-wpjr-j57x-wxfw, PYSEC-2020-31
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wkrc-62bd-bbgx |
|
| 53 |
| url |
VCID-wwa5-mhgu-9khz |
| vulnerability_id |
VCID-wwa5-mhgu-9khz |
| summary |
Django denial-of-service in django.utils.html.strip_tags()
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53907 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7745 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77452 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77412 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77416 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77364 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77371 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7739 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77436 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7741 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.774 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53907 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-53907, GHSA-8498-2h75-472j
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wwa5-mhgu-9khz |
|
| 54 |
| url |
VCID-wz1q-1tjp-4qhw |
| vulnerability_id |
VCID-wz1q-1tjp-4qhw |
| summary |
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-36053 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92886 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92884 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92859 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92875 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.9287 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92866 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92857 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92856 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-36053 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://www.debian.org/security/2023/dsa-5465 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/ |
|
|
| url |
https://www.debian.org/security/2023/dsa-5465 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2023-36053, CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wz1q-1tjp-4qhw |
|
| 55 |
| url |
VCID-xgv1-s2ek-q3dp |
| vulnerability_id |
VCID-xgv1-s2ek-q3dp |
| summary |
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-26699 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52203 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52199 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81695 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81675 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.8167 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81643 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81646 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81624 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81676 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81682 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-26699 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
|
| 1 |
| value |
5.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2025-26699, CVE-2025-26699, GHSA-p3fp-8748-vqfq, PYSEC-2025-13
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv1-s2ek-q3dp |
|
| 56 |
| url |
VCID-ypub-ukuh-p3aw |
| vulnerability_id |
VCID-ypub-ukuh-p3aw |
| summary |
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-24580 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96212 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96191 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96195 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96205 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96208 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96211 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96184 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96226 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96222 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96213 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-24580 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2023-24580, CVE-2023-24580, GHSA-2hrw-hx67-34x6, PYSEC-2023-13
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ypub-ukuh-p3aw |
|
| 57 |
| url |
VCID-ysyp-h7ja-yff3 |
| vulnerability_id |
VCID-ysyp-h7ja-yff3 |
| summary |
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1207 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88188 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88178 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88172 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88153 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88146 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.89035 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.89037 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.89048 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.05126 |
| scoring_system |
epss |
| scoring_elements |
0.8982 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1207 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-1207, GHSA-mwm9-4648-f68q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyp-h7ja-yff3 |
|
| 58 |
| url |
VCID-z27q-zfpz-ckby |
| vulnerability_id |
VCID-z27q-zfpz-ckby |
| summary |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40454 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40445 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40476 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40429 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40486 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.4048 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40402 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40465 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40448 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39330 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
|
| aliases |
BIT-django-2024-39330, CVE-2024-39330, GHSA-9jmf-237g-qf46, PYSEC-2024-58
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z27q-zfpz-ckby |
|
| 59 |
| url |
VCID-z8z1-cjee-kfeg |
| vulnerability_id |
VCID-z8z1-cjee-kfeg |
| summary |
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45115 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62355 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62512 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62506 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62461 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62483 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62459 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62413 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62411 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62444 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62494 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62475 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45115 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2021-45115, CVE-2021-45115, GHSA-53qw-q765-4fww, PYSEC-2022-1
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z8z1-cjee-kfeg |
|
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-1fs3-2msx-9kev |
| vulnerability_id |
VCID-1fs3-2msx-9kev |
| summary |
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14574 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91788 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91785 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91782 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91775 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91763 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91796 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91803 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91783 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91755 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.9175 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91741 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14574 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/advisories/GHSA-5hg3-6c2f-f3wr |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-5hg3-6c2f-f3wr |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://usn.ubuntu.com/3726-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3726-1 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2018-14574, GHSA-5hg3-6c2f-f3wr, PYSEC-2018-2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1fs3-2msx-9kev |
|
| 1 |
| url |
VCID-1v22-g646-wbay |
| vulnerability_id |
VCID-1v22-g646-wbay |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14235 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89145 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89148 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89138 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89132 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89115 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89112 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89098 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89156 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89143 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89089 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14235 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1v22-g646-wbay |
|
| 2 |
| url |
VCID-27wt-wmzc-1bc2 |
| vulnerability_id |
VCID-27wt-wmzc-1bc2 |
| summary |
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6188 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76429 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76423 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76383 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76371 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76388 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.7641 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76384 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76338 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76358 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76327 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00952 |
| scoring_system |
epss |
| scoring_elements |
0.76324 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6188 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://usn.ubuntu.com/3559-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3559-1 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2018-6188, GHSA-rf4j-j272-fj86, PYSEC-2018-4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-27wt-wmzc-1bc2 |
|
| 3 |
| url |
VCID-2zb9-27sm-3kgh |
| vulnerability_id |
VCID-2zb9-27sm-3kgh |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14232 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86632 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86613 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86594 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86583 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86665 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86646 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86653 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86655 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86642 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86659 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14232 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 46 |
| reference_url |
https://security.gentoo.org/glsa/202004-17 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://security.gentoo.org/glsa/202004-17 |
|
| 47 |
|
| 48 |
|
| 49 |
| reference_url |
https://www.debian.org/security/2019/dsa-4498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://www.debian.org/security/2019/dsa-4498 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2zb9-27sm-3kgh |
|
| 4 |
| url |
VCID-438j-ce4y-zkan |
| vulnerability_id |
VCID-438j-ce4y-zkan |
| summary |
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12794 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95093 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95108 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95105 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95096 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95092 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95086 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95082 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95075 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95073 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95072 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.17619 |
| scoring_system |
epss |
| scoring_elements |
0.95062 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12794 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/advisories/GHSA-9r8w-6x8c-6jr9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-9r8w-6x8c-6jr9 |
|
| 4 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://usn.ubuntu.com/3559-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3559-1 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-12794 |
| reference_id |
CVE-2017-12794 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 3 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-12794 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2017-12794, GHSA-9r8w-6x8c-6jr9, PYSEC-2017-44
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-438j-ce4y-zkan |
|
| 5 |
| url |
VCID-4ztz-fq98-5fh1 |
| vulnerability_id |
VCID-4ztz-fq98-5fh1 |
| summary |
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41164 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.6112 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61025 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61019 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61053 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61113 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61071 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.6109 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61104 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61067 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41164 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2023-41164, CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztz-fq98-5fh1 |
|
| 6 |
| url |
VCID-56na-n4w5-8fak |
| vulnerability_id |
VCID-56na-n4w5-8fak |
| summary |
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12308 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.8077 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80822 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80839 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80837 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.808 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80808 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80806 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80798 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80773 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80752 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80743 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12308 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://github.com/advisories/GHSA-7rp2-fm2h-wchj |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-7rp2-fm2h-wchj |
|
| 17 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://seclists.org/bugtraq/2019/Jul/10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Jul/10 |
|
| 28 |
|
| 29 |
| reference_url |
https://usn.ubuntu.com/4043-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4043-1 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2019-12308, GHSA-7rp2-fm2h-wchj, PYSEC-2019-79
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-56na-n4w5-8fak |
|
| 7 |
| url |
VCID-7tph-k8q2-bue2 |
| vulnerability_id |
VCID-7tph-k8q2-bue2 |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41991 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75855 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75851 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75815 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75813 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.7582 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75839 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75803 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.7577 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75792 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75759 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41991 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2024-41991, CVE-2024-41991, GHSA-r836-hh6v-rg5g, PYSEC-2024-69
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7tph-k8q2-bue2 |
|
| 8 |
| url |
VCID-896g-hqec-ryb9 |
| vulnerability_id |
VCID-896g-hqec-ryb9 |
| summary |
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61471 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61467 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61428 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61446 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.6146 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61423 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61377 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61407 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61378 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9 |
|
| 9 |
| url |
VCID-8jaq-53td-wbeg |
| vulnerability_id |
VCID-8jaq-53td-wbeg |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19844 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94298 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94351 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94345 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9433 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94289 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94329 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94328 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94324 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9432 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9431 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94309 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19844 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2020/Jan/9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Jan/9 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://usn.ubuntu.com/4224-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4224-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8jaq-53td-wbeg |
|
| 10 |
| url |
VCID-8m4b-y4va-kqgm |
| vulnerability_id |
VCID-8m4b-y4va-kqgm |
| summary |
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43665 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.84423 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.844 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.84404 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86066 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86047 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86046 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86091 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.8603 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86076 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43665 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2023-43665, CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8m4b-y4va-kqgm |
|
| 11 |
| url |
VCID-8xgs-8xjr-cber |
| vulnerability_id |
VCID-8xgs-8xjr-cber |
| summary |
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-24680 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.8041 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80408 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80379 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80386 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80402 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80383 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80372 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80343 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80355 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80335 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-24680 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2024-24680, CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgs-8xjr-cber |
|
| 12 |
| url |
VCID-9abh-apwm-ebab |
| vulnerability_id |
VCID-9abh-apwm-ebab |
| summary |
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-32873 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37659 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37613 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37641 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37674 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37661 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37647 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37596 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37717 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37692 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-32873 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2025-32873, CVE-2025-32873, GHSA-8j24-cjrq-gr2m, PYSEC-2025-37
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9abh-apwm-ebab |
|
| 13 |
| url |
VCID-9uzd-mmyv-mfh4 |
| vulnerability_id |
VCID-9uzd-mmyv-mfh4 |
| summary |
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00191 |
| scoring_system |
epss |
| scoring_elements |
0.41087 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68747 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68774 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68804 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68818 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68795 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68776 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68724 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00642 |
| scoring_system |
epss |
| scoring_elements |
0.70648 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00642 |
| scoring_system |
epss |
| scoring_elements |
0.7064 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
CVE-2025-64459, GHSA-frmv-pr5f-9mcr
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4 |
|
| 14 |
| url |
VCID-a8zx-jamf-cfcm |
| vulnerability_id |
VCID-a8zx-jamf-cfcm |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14234 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95354 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95328 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95335 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95344 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95339 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95346 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95357 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.1952 |
| scoring_system |
epss |
| scoring_elements |
0.95376 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.1952 |
| scoring_system |
epss |
| scoring_elements |
0.95367 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.1952 |
| scoring_system |
epss |
| scoring_elements |
0.95382 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14234 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/advisories/GHSA-6r97-cj55-9hrq |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-6r97-cj55-9hrq |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a8zx-jamf-cfcm |
|
| 15 |
| url |
VCID-c6xy-v4sf-u3hn |
| vulnerability_id |
VCID-c6xy-v4sf-u3hn |
| summary |
Django vulnerable to partial directory traversal via archives
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59682 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05198 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05196 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05251 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05265 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05279 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05314 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05294 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05258 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05234 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05204 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59682 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
CVE-2025-59682, GHSA-q95w-c7qg-hrff
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xy-v4sf-u3hn |
|
| 16 |
| url |
VCID-e2jd-yd4j-kqgt |
| vulnerability_id |
VCID-e2jd-yd4j-kqgt |
| summary |
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46415 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46418 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46361 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.4635 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46379 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46355 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46299 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46351 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46331 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt |
|
| 17 |
| url |
VCID-e87q-1j8h-93hh |
| vulnerability_id |
VCID-e87q-1j8h-93hh |
| summary |
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-56374 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24686 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24537 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24724 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24545 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24532 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24586 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24496 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24567 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24629 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24612 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-56374 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2024-56374, CVE-2024-56374, GHSA-qcgg-j2x8-h9g8, PYSEC-2025-1
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e87q-1j8h-93hh |
|
| 18 |
| url |
VCID-j4br-4y39-s3gs |
| vulnerability_id |
VCID-j4br-4y39-s3gs |
| summary |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13596 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76945 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.7694 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76898 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76903 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76923 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76896 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76885 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76854 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76872 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76843 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00992 |
| scoring_system |
epss |
| scoring_elements |
0.76836 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13596 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-2m34-jcjv-45xf |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-2m34-jcjv-45xf |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4381-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-1 |
|
| 19 |
|
| 20 |
| reference_url |
https://usn.ubuntu.com/4381-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-2 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2020-13596, CVE-2020-13596, GHSA-2m34-jcjv-45xf, PYSEC-2020-32
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j4br-4y39-s3gs |
|
| 19 |
| url |
VCID-jae8-w85w-cyfu |
| vulnerability_id |
VCID-jae8-w85w-cyfu |
| summary |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7537 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83947 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83922 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83926 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83932 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83915 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83854 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83868 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83884 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83885 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83909 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83948 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7537 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://usn.ubuntu.com/3591-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3591-1 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3 |
| purl |
pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 7 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 8 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 9 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 10 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 11 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 12 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 13 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 14 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 15 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 16 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 17 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 18 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 19 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 20 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 21 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 22 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 23 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 24 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 25 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 26 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 27 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 28 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 29 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 30 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 31 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 32 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 33 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 34 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 35 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 36 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 37 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 38 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 39 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 40 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 41 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 42 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 43 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 44 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 45 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 46 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 47 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 48 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 49 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 50 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 51 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 52 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 53 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 54 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 55 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 56 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 57 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 58 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 59 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 60 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 61 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 62 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 63 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 64 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 65 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 66 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 67 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 68 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 69 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 70 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 71 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 72 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 73 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 74 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 75 |
| vulnerability |
VCID-y8fz-krt7-vkhp |
|
| 76 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 77 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 78 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 79 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1.7.11-1%252Bdeb8u3 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 2 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2018-7537, GHSA-2f9x-5v75-3qv4, PYSEC-2018-6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jae8-w85w-cyfu |
|
| 20 |
| url |
VCID-jh1e-72hp-fuf4 |
| vulnerability_id |
VCID-jh1e-72hp-fuf4 |
| summary |
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27351 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01855 |
| scoring_system |
epss |
| scoring_elements |
0.82977 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85665 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85642 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85599 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85635 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85624 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85646 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.8565 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85604 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.8567 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27351 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jh1e-72hp-fuf4 |
|
| 21 |
| url |
VCID-jtru-9jmz-kkek |
| vulnerability_id |
VCID-jtru-9jmz-kkek |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14233 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89115 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89156 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89143 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89145 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89148 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89112 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89089 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89098 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89138 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89132 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14233 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jtru-9jmz-kkek |
|
| 22 |
| url |
VCID-m91a-6235-nye9 |
| vulnerability_id |
VCID-m91a-6235-nye9 |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42005 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55874 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.5587 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55807 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55834 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55852 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55873 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55863 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55809 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.5586 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42005 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2024-42005, CVE-2024-42005, GHSA-pv4p-cwwg-4rph, PYSEC-2024-70
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m91a-6235-nye9 |
|
| 23 |
| url |
VCID-mux4-uv98-hbbw |
| vulnerability_id |
VCID-mux4-uv98-hbbw |
| summary |
Django vulnerable to SQL injection in column aliases
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59681 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01937 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01962 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01975 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01974 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01991 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01959 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01955 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01935 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59681 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
CVE-2025-59681, GHSA-hpr9-3m2g-3j9p
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mux4-uv98-hbbw |
|
| 24 |
| url |
VCID-mv1p-yxvp-pbh6 |
| vulnerability_id |
VCID-mv1p-yxvp-pbh6 |
| summary |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7536 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80172 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80254 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80252 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80224 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.8023 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80244 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80226 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80216 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80188 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80199 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80179 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7536 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/advisories/GHSA-r28v-mw67-m5p9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-r28v-mw67-m5p9 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://usn.ubuntu.com/3591-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3591-1 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3 |
| purl |
pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 7 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 8 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 9 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 10 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 11 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 12 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 13 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 14 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 15 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 16 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 17 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 18 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 19 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 20 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 21 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 22 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 23 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 24 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 25 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 26 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 27 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 28 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 29 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 30 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 31 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 32 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 33 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 34 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 35 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 36 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 37 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 38 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 39 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 40 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 41 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 42 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 43 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 44 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 45 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 46 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 47 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 48 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 49 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 50 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 51 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 52 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 53 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 54 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 55 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 56 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 57 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 58 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 59 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 60 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 61 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 62 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 63 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 64 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 65 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 66 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 67 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 68 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 69 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 70 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 71 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 72 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 73 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 74 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 75 |
| vulnerability |
VCID-y8fz-krt7-vkhp |
|
| 76 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 77 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 78 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 79 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1.7.11-1%252Bdeb8u3 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 2 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mv1p-yxvp-pbh6 |
|
| 25 |
| url |
VCID-q12d-kv8p-8ff7 |
| vulnerability_id |
VCID-q12d-kv8p-8ff7 |
| summary |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39329 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37652 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37596 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37615 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37571 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37632 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37676 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37555 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37607 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37619 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37599 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39329 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2024-39329, CVE-2024-39329, GHSA-x7q2-wr7g-xqmf, PYSEC-2024-57
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q12d-kv8p-8ff7 |
|
| 26 |
| url |
VCID-qjez-qe32-e3b6 |
| vulnerability_id |
VCID-qjez-qe32-e3b6 |
| summary |
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12781 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88273 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88294 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88296 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88282 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88254 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88226 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88234 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88249 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88291 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88279 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12781 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/advisories/GHSA-6c7v-2f49-8h26 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-6c7v-2f49-8h26 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://seclists.org/bugtraq/2019/Jul/10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Jul/10 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4043-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4043-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2019-12781, GHSA-6c7v-2f49-8h26, PYSEC-2019-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qjez-qe32-e3b6 |
|
| 27 |
| url |
VCID-u3zk-tff2-aua9 |
| vulnerability_id |
VCID-u3zk-tff2-aua9 |
| summary |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39614 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91371 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91334 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91373 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91348 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91349 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91339 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91321 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91314 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91304 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39614 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2024-39614, CVE-2024-39614, GHSA-f6f8-9mx6-9mx2, PYSEC-2024-59
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u3zk-tff2-aua9 |
|
| 28 |
| url |
VCID-ukkt-wgau-t3et |
| vulnerability_id |
VCID-ukkt-wgau-t3et |
| summary |
Django is vulnerable to DoS via XML serializer text extraction
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64460 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19807 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22365 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22349 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22405 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22447 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.2237 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22288 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.225 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22425 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.2236 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64460 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
CVE-2025-64460, GHSA-vrcr-9hj9-jcg6
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkt-wgau-t3et |
|
| 29 |
| url |
VCID-v1xr-z4zu-yfb4 |
| vulnerability_id |
VCID-v1xr-z4zu-yfb4 |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41989 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80356 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80354 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80327 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80324 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80331 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80316 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80288 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.803 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80279 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41989 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2024-41989, CVE-2024-41989, GHSA-jh75-99hh-qvx9, PYSEC-2024-67
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xr-z4zu-yfb4 |
|
| 30 |
| url |
VCID-vwt9-q3dt-vbfg |
| vulnerability_id |
VCID-vwt9-q3dt-vbfg |
| summary |
Django is vulnerable to SQL injection in column aliases
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13372 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01185 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01173 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01184 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01181 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01188 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01201 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01194 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01182 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01203 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00835 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13372 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2025-13372, GHSA-rqw2-ghq9-44m7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vwt9-q3dt-vbfg |
|
| 31 |
| url |
VCID-w2dv-u8h6-sbgs |
| vulnerability_id |
VCID-w2dv-u8h6-sbgs |
| summary |
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7471 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.9279 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92805 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.928 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92796 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92778 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92785 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92786 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92815 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92814 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92804 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7471 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://seclists.org/bugtraq/2020/Feb/30 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Feb/30 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://usn.ubuntu.com/4264-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4264-1 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w2dv-u8h6-sbgs |
|
| 32 |
| url |
VCID-w4pr-k5nj-ckgy |
| vulnerability_id |
VCID-w4pr-k5nj-ckgy |
| summary |
Django is subject to SQL injection through its column aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05549 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05535 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05593 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05798 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05834 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05828 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05868 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
CVE-2025-57833, GHSA-6w2r-r2m5-xq5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy |
|
| 33 |
| url |
VCID-wkrc-62bd-bbgx |
| vulnerability_id |
VCID-wkrc-62bd-bbgx |
| summary |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13254 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92472 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92462 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92463 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92461 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92455 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.9245 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92438 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92436 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92427 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.08673 |
| scoring_system |
epss |
| scoring_elements |
0.92421 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13254 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4381-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-1 |
|
| 19 |
|
| 20 |
| reference_url |
https://usn.ubuntu.com/4381-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-2 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
| url |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| purl |
pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2 |
|
|
| aliases |
BIT-django-2020-13254, CVE-2020-13254, GHSA-wpjr-j57x-wxfw, PYSEC-2020-31
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wkrc-62bd-bbgx |
|
| 34 |
| url |
VCID-wwa5-mhgu-9khz |
| vulnerability_id |
VCID-wwa5-mhgu-9khz |
| summary |
Django denial-of-service in django.utils.html.strip_tags()
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53907 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7745 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77452 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77412 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77416 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77364 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77371 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7739 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77436 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7741 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.774 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53907 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
CVE-2024-53907, GHSA-8498-2h75-472j
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wwa5-mhgu-9khz |
|
| 35 |
| url |
VCID-x664-bfna-6qdv |
| vulnerability_id |
VCID-x664-bfna-6qdv |
| summary |
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-3498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80747 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80746 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.8071 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80718 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80652 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80682 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.8066 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80732 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80715 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80706 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80677 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-3498 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://usn.ubuntu.com/3851-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3851-1 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-3498 |
| reference_id |
CVE-2019-3498 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 2 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 3 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 4 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-3498 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2019-3498, GHSA-337x-4q8g-prc5, PYSEC-2019-17
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x664-bfna-6qdv |
|
| 36 |
| url |
VCID-xaqg-mhqa-7keg |
| vulnerability_id |
VCID-xaqg-mhqa-7keg |
| summary |
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6975 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95194 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95219 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95211 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95207 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95206 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95242 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95239 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95231 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95228 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95222 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6975 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://seclists.org/bugtraq/2019/Jul/10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Jul/10 |
|
| 23 |
| reference_url |
https://usn.ubuntu.com/3890-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3890-1 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6975 |
| reference_id |
CVE-2019-6975 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 3 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6975 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
|
| aliases |
CVE-2019-6975, GHSA-wh4h-v3f2-r2pp, PYSEC-2019-18
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xaqg-mhqa-7keg |
|
| 37 |
| url |
VCID-xgv1-s2ek-q3dp |
| vulnerability_id |
VCID-xgv1-s2ek-q3dp |
| summary |
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-26699 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52203 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52199 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81695 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81675 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.8167 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81643 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81646 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81624 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81676 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81682 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-26699 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
|
| 1 |
| value |
5.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2025-26699, CVE-2025-26699, GHSA-p3fp-8748-vqfq, PYSEC-2025-13
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv1-s2ek-q3dp |
|
| 38 |
| url |
VCID-z27q-zfpz-ckby |
| vulnerability_id |
VCID-z27q-zfpz-ckby |
| summary |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40454 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40445 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40476 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40429 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40486 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.4048 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40402 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40465 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40448 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39330 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| purl |
pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-27wt-wmzc-1bc2 |
|
| 3 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 4 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 5 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 6 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 7 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 8 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 9 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 10 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 11 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 12 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 13 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 14 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 15 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 16 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 17 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 18 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 19 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 20 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 21 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 22 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 23 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 24 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 25 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 26 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 27 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 28 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 29 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 30 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 31 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 32 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 33 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 34 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 35 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 36 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 37 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 38 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 39 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 40 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 41 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 42 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 43 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 44 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 45 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 46 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 47 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 48 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 49 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 50 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 51 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 52 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 53 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 54 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 55 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 56 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 57 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 58 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 59 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 60 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 61 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 62 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 63 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 64 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 65 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 66 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 67 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 68 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 69 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9 |
|
| 1 |
| url |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| purl |
pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 4 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 7 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 8 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 9 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 10 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 11 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 12 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 13 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 14 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 15 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 16 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 17 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 18 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 19 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 20 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 21 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 22 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 23 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 24 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 25 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 26 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 27 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 28 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 29 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 30 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 31 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 32 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 33 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 34 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 35 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 36 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 37 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 38 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 39 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 40 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 41 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 42 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 43 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 44 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 45 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 46 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 47 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 48 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 49 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 50 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 51 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 52 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 53 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 54 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 55 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 56 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 57 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 58 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
| 59 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1 |
|
| 2 |
|
|
| aliases |
BIT-django-2024-39330, CVE-2024-39330, GHSA-9jmf-237g-qf46, PYSEC-2024-58
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z27q-zfpz-ckby |
|
|
|---|