Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
Typedeb
Namespacedebian
Namepython-django
Version3:3.2.19-1+deb12u1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3:3.2.25-0+deb12u2
Latest_non_vulnerable_version3:4.2.30-1
Affected_by_vulnerabilities
0
url VCID-1adz-zw3h-pqek
vulnerability_id VCID-1adz-zw3h-pqek
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3902
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03059
published_at 2026-04-24T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03064
published_at 2026-04-21T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.10679
published_at 2026-04-08T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.10735
published_at 2026-04-09T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.10749
published_at 2026-04-11T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.10717
published_at 2026-04-12T12:55:00Z
6
value 0.00047
scoring_system epss
scoring_elements 0.14521
published_at 2026-04-18T12:55:00Z
7
value 0.00047
scoring_system epss
scoring_elements 0.14623
published_at 2026-04-13T12:55:00Z
8
value 0.00047
scoring_system epss
scoring_elements 0.14514
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3902
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3902
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3902
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:14:03Z/
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455935
reference_id 2455935
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455935
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3902
reference_id CVE-2026-3902
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3902
11
reference_url https://github.com/advisories/GHSA-mvfq-ggxm-9mc5
reference_id GHSA-mvfq-ggxm-9mc5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mvfq-ggxm-9mc5
12
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:14:03Z/
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
13
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
1
url pkg:deb/debian/python-django@3:4.2.30-1
purl pkg:deb/debian/python-django@3:4.2.30-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1
aliases CVE-2026-3902, GHSA-mvfq-ggxm-9mc5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1adz-zw3h-pqek
1
url VCID-46pv-pzsu-jucd
vulnerability_id VCID-46pv-pzsu-jucd
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4292
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01049
published_at 2026-04-13T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.01936
published_at 2026-04-18T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.01934
published_at 2026-04-16T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02007
published_at 2026-04-24T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02021
published_at 2026-04-21T12:55:00Z
5
value 8e-05
scoring_system epss
scoring_elements 0.00676
published_at 2026-04-08T12:55:00Z
6
value 8e-05
scoring_system epss
scoring_elements 0.00661
published_at 2026-04-12T12:55:00Z
7
value 8e-05
scoring_system epss
scoring_elements 0.00667
published_at 2026-04-11T12:55:00Z
8
value 8e-05
scoring_system epss
scoring_elements 0.00668
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4292
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4292
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4292
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:12:50Z/
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455941
reference_id 2455941
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455941
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4292
reference_id CVE-2026-4292
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4292
11
reference_url https://github.com/advisories/GHSA-mmwr-2jhp-mc7j
reference_id GHSA-mmwr-2jhp-mc7j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmwr-2jhp-mc7j
12
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id security-releases
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:12:50Z/
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
13
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
14
reference_url https://usn.ubuntu.com/8154-2/
reference_id USN-8154-2
reference_type
scores
url https://usn.ubuntu.com/8154-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
1
url pkg:deb/debian/python-django@3:4.2.30-1
purl pkg:deb/debian/python-django@3:4.2.30-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1
aliases CVE-2026-4292, GHSA-mmwr-2jhp-mc7j
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-46pv-pzsu-jucd
2
url VCID-ac4c-321h-tqfk
vulnerability_id VCID-ac4c-321h-tqfk
summary 
Django has a Race Condition vulnerability
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.

Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments.

Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25674.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25674.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25674
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01096
published_at 2026-04-02T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01377
published_at 2026-04-21T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01289
published_at 2026-04-16T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01297
published_at 2026-04-12T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01303
published_at 2026-04-18T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01319
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01316
published_at 2026-04-08T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01311
published_at 2026-04-07T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01299
published_at 2026-04-13T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.01387
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25674
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25674
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25674
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:27:07Z/
url https://groups.google.com/g/django-announce
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25674
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25674
8
reference_url https://www.djangoproject.com/weblog/2026/mar/03/security-releases
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/mar/03/security-releases
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129595
reference_id 1129595
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129595
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2444111
reference_id 2444111
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2444111
11
reference_url https://github.com/advisories/GHSA-mjgh-79qc-68w3
reference_id GHSA-mjgh-79qc-68w3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mjgh-79qc-68w3
12
reference_url https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:27:07Z/
url https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
1
url pkg:deb/debian/python-django@3:4.2.29-1
purl pkg:deb/debian/python-django@3:4.2.29-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46pv-pzsu-jucd
1
vulnerability VCID-ff2a-at5f-2qa8
2
vulnerability VCID-gfym-spzk-w7gk
3
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1
2
url pkg:deb/debian/python-django@3:4.2.30-1
purl pkg:deb/debian/python-django@3:4.2.30-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1
aliases CVE-2026-25674, GHSA-mjgh-79qc-68w3
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ac4c-321h-tqfk
3
url VCID-ff2a-at5f-2qa8
vulnerability_id VCID-ff2a-at5f-2qa8
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33033
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12933
published_at 2026-04-24T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12909
published_at 2026-04-21T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.2707
published_at 2026-04-08T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.27077
published_at 2026-04-12T12:55:00Z
4
value 0.00098
scoring_system epss
scoring_elements 0.2712
published_at 2026-04-11T12:55:00Z
5
value 0.00098
scoring_system epss
scoring_elements 0.27116
published_at 2026-04-09T12:55:00Z
6
value 0.0011
scoring_system epss
scoring_elements 0.29376
published_at 2026-04-13T12:55:00Z
7
value 0.00133
scoring_system epss
scoring_elements 0.32886
published_at 2026-04-16T12:55:00Z
8
value 0.00133
scoring_system epss
scoring_elements 0.32864
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33033
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33033
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33033
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:21:08Z/
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455962
reference_id 2455962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455962
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33033
reference_id CVE-2026-33033
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33033
11
reference_url https://github.com/advisories/GHSA-5mf9-h53q-7mhq
reference_id GHSA-5mf9-h53q-7mhq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mf9-h53q-7mhq
12
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id security-releases
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:21:08Z/
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
13
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
14
reference_url https://usn.ubuntu.com/8154-2/
reference_id USN-8154-2
reference_type
scores
url https://usn.ubuntu.com/8154-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
1
url pkg:deb/debian/python-django@3:4.2.30-1
purl pkg:deb/debian/python-django@3:4.2.30-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1
aliases CVE-2026-33033, GHSA-5mf9-h53q-7mhq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ff2a-at5f-2qa8
4
url VCID-gfym-spzk-w7gk
vulnerability_id VCID-gfym-spzk-w7gk
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4277
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.01986
published_at 2026-04-09T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.0197
published_at 2026-04-08T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05434
published_at 2026-04-21T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05474
published_at 2026-04-24T12:55:00Z
4
value 0.0004
scoring_system epss
scoring_elements 0.12281
published_at 2026-04-12T12:55:00Z
5
value 0.0004
scoring_system epss
scoring_elements 0.12317
published_at 2026-04-11T12:55:00Z
6
value 0.00053
scoring_system epss
scoring_elements 0.16578
published_at 2026-04-13T12:55:00Z
7
value 0.00056
scoring_system epss
scoring_elements 0.17458
published_at 2026-04-18T12:55:00Z
8
value 0.00056
scoring_system epss
scoring_elements 0.17449
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4277
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4277
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4277
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455939
reference_id 2455939
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455939
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4277
reference_id CVE-2026-4277
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4277
11
reference_url https://github.com/advisories/GHSA-pwjp-ccjc-ghwg
reference_id GHSA-pwjp-ccjc-ghwg
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pwjp-ccjc-ghwg
12
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
13
reference_url https://usn.ubuntu.com/8154-2/
reference_id USN-8154-2
reference_type
scores
url https://usn.ubuntu.com/8154-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
1
url pkg:deb/debian/python-django@3:4.2.30-1
purl pkg:deb/debian/python-django@3:4.2.30-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1
aliases CVE-2026-4277, GHSA-pwjp-ccjc-ghwg
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfym-spzk-w7gk
5
url VCID-jzae-1awh-k7cm
vulnerability_id VCID-jzae-1awh-k7cm
summary An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38875.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38875.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38875
reference_id
reference_type
scores
0
value 0.0033
scoring_system epss
scoring_elements 0.55985
published_at 2026-04-12T12:55:00Z
1
value 0.0033
scoring_system epss
scoring_elements 0.55907
published_at 2026-04-24T12:55:00Z
2
value 0.0033
scoring_system epss
scoring_elements 0.55981
published_at 2026-04-21T12:55:00Z
3
value 0.0033
scoring_system epss
scoring_elements 0.56006
published_at 2026-04-18T12:55:00Z
4
value 0.0033
scoring_system epss
scoring_elements 0.56003
published_at 2026-04-16T12:55:00Z
5
value 0.0033
scoring_system epss
scoring_elements 0.55967
published_at 2026-04-13T12:55:00Z
6
value 0.0033
scoring_system epss
scoring_elements 0.56005
published_at 2026-04-11T12:55:00Z
7
value 0.0033
scoring_system epss
scoring_elements 0.55994
published_at 2026-04-09T12:55:00Z
8
value 0.0033
scoring_system epss
scoring_elements 0.55992
published_at 2026-04-08T12:55:00Z
9
value 0.0033
scoring_system epss
scoring_elements 0.55962
published_at 2026-04-04T12:55:00Z
10
value 0.0033
scoring_system epss
scoring_elements 0.55941
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38875
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38875
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:43:12Z/
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/7285644640f085f41d60ab0c8ae4e9153f0485db
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/7285644640f085f41d60ab0c8ae4e9153f0485db
8
reference_url https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-56.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-56.yaml
10
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:43:12Z/
url https://groups.google.com/forum/#%21forum/django-announce
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38875
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38875
12
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
13
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
14
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:43:12Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295935
reference_id 2295935
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295935
17
reference_url https://github.com/advisories/GHSA-qg2p-9jwr-mmqf
reference_id GHSA-qg2p-9jwr-mmqf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qg2p-9jwr-mmqf
18
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
19
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
20
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
21
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
22
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
23
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-38875, CVE-2024-38875, GHSA-qg2p-9jwr-mmqf, PYSEC-2024-56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzae-1awh-k7cm
6
url VCID-mga4-an1w-qqf9
vulnerability_id VCID-mga4-an1w-qqf9
summary 
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45230
reference_id
reference_type
scores
0
value 0.02721
scoring_system epss
scoring_elements 0.85968
published_at 2026-04-24T12:55:00Z
1
value 0.02721
scoring_system epss
scoring_elements 0.85948
published_at 2026-04-21T12:55:00Z
2
value 0.02721
scoring_system epss
scoring_elements 0.85957
published_at 2026-04-18T12:55:00Z
3
value 0.02721
scoring_system epss
scoring_elements 0.85953
published_at 2026-04-16T12:55:00Z
4
value 0.02721
scoring_system epss
scoring_elements 0.85935
published_at 2026-04-13T12:55:00Z
5
value 0.02721
scoring_system epss
scoring_elements 0.8594
published_at 2026-04-12T12:55:00Z
6
value 0.02721
scoring_system epss
scoring_elements 0.85942
published_at 2026-04-11T12:55:00Z
7
value 0.02721
scoring_system epss
scoring_elements 0.85928
published_at 2026-04-09T12:55:00Z
8
value 0.02721
scoring_system epss
scoring_elements 0.85918
published_at 2026-04-08T12:55:00Z
9
value 0.02721
scoring_system epss
scoring_elements 0.85896
published_at 2026-04-04T12:55:00Z
10
value 0.02721
scoring_system epss
scoring_elements 0.8588
published_at 2026-04-02T12:55:00Z
11
value 0.02721
scoring_system epss
scoring_elements 0.85899
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45230
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45230
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397
8
reference_url https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b
9
reference_url https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml
11
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/
url https://groups.google.com/forum/#%21forum/django-announce
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45230
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45230
13
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
14
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2314485
reference_id 2314485
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2314485
16
reference_url https://github.com/advisories/GHSA-5hgc-2vfp-mqvc
reference_id GHSA-5hgc-2vfp-mqvc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hgc-2vfp-mqvc
17
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
18
reference_url https://access.redhat.com/errata/RHSA-2024:8534
reference_id RHSA-2024:8534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8534
19
reference_url https://usn.ubuntu.com/6987-1/
reference_id USN-6987-1
reference_type
scores
url https://usn.ubuntu.com/6987-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-45230, CVE-2024-45230, GHSA-5hgc-2vfp-mqvc, PYSEC-2024-102
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mga4-an1w-qqf9
7
url VCID-ssut-reka-r3f8
vulnerability_id VCID-ssut-reka-r3f8
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33034
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.06717
published_at 2026-04-08T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.06742
published_at 2026-04-12T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.06749
published_at 2026-04-11T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.0675
published_at 2026-04-09T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09313
published_at 2026-04-21T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.0916
published_at 2026-04-18T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09166
published_at 2026-04-16T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.09326
published_at 2026-04-13T12:55:00Z
8
value 0.00036
scoring_system epss
scoring_elements 0.10779
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33034
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33034
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33034
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:43:43Z/
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455927
reference_id 2455927
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455927
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33034
reference_id CVE-2026-33034
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33034
11
reference_url https://github.com/advisories/GHSA-933h-hp56-hf7m
reference_id GHSA-933h-hp56-hf7m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-933h-hp56-hf7m
12
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:43:43Z/
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
13
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
1
url pkg:deb/debian/python-django@3:4.2.30-1
purl pkg:deb/debian/python-django@3:4.2.30-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1
aliases CVE-2026-33034, GHSA-933h-hp56-hf7m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ssut-reka-r3f8
8
url VCID-xhpa-mffz-syfy
vulnerability_id VCID-xhpa-mffz-syfy
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41990
reference_id
reference_type
scores
0
value 0.01326
scoring_system epss
scoring_elements 0.79978
published_at 2026-04-24T12:55:00Z
1
value 0.01326
scoring_system epss
scoring_elements 0.79949
published_at 2026-04-21T12:55:00Z
2
value 0.01326
scoring_system epss
scoring_elements 0.79941
published_at 2026-04-11T12:55:00Z
3
value 0.01326
scoring_system epss
scoring_elements 0.79917
published_at 2026-04-13T12:55:00Z
4
value 0.01326
scoring_system epss
scoring_elements 0.79925
published_at 2026-04-12T12:55:00Z
5
value 0.01326
scoring_system epss
scoring_elements 0.79921
published_at 2026-04-09T12:55:00Z
6
value 0.01326
scoring_system epss
scoring_elements 0.79912
published_at 2026-04-08T12:55:00Z
7
value 0.01326
scoring_system epss
scoring_elements 0.79884
published_at 2026-04-07T12:55:00Z
8
value 0.01326
scoring_system epss
scoring_elements 0.79896
published_at 2026-04-04T12:55:00Z
9
value 0.01326
scoring_system epss
scoring_elements 0.79875
published_at 2026-04-02T12:55:00Z
10
value 0.01326
scoring_system epss
scoring_elements 0.79946
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41990
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41990
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41990
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93
8
reference_url https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml
10
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/
url https://groups.google.com/forum/#%21forum/django-announce
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41990
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41990
12
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
13
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
14
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302434
reference_id 2302434
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302434
17
reference_url https://github.com/advisories/GHSA-795c-9xpc-xw6g
reference_id GHSA-795c-9xpc-xw6g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-795c-9xpc-xw6g
18
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
19
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
20
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
21
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-41990, CVE-2024-41990, GHSA-795c-9xpc-xw6g, PYSEC-2024-68
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhpa-mffz-syfy
Fixing_vulnerabilities
0
url VCID-28g3-ubx6-ebff
vulnerability_id VCID-28g3-ubx6-ebff
summary 
Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20187
published_at 2026-04-02T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20125
published_at 2026-04-11T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20106
published_at 2026-04-09T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20047
published_at 2026-04-08T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.19968
published_at 2026-04-07T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.20242
published_at 2026-04-04T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20771
published_at 2026-04-13T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20742
published_at 2026-04-21T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20754
published_at 2026-04-18T12:55:00Z
9
value 0.00067
scoring_system epss
scoring_elements 0.20761
published_at 2026-04-16T12:55:00Z
10
value 0.00067
scoring_system epss
scoring_elements 0.20824
published_at 2026-04-12T12:55:00Z
11
value 0.00067
scoring_system epss
scoring_elements 0.20626
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
reference_id 2436340
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
12
reference_url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
reference_id GHSA-4rrr-2h4v-f3j9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
15
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
16
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
17
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
18
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2026-1285, GHSA-4rrr-2h4v-f3j9
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28g3-ubx6-ebff
1
url VCID-2tfv-rtq7-2fg9
vulnerability_id VCID-2tfv-rtq7-2fg9
summary 
Django has Observable Timing Discrepancy
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13473
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08681
published_at 2026-04-02T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08729
published_at 2026-04-04T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08653
published_at 2026-04-07T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.08755
published_at 2026-04-11T12:55:00Z
4
value 0.00031
scoring_system epss
scoring_elements 0.0873
published_at 2026-04-08T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.10623
published_at 2026-04-13T12:55:00Z
6
value 0.00036
scoring_system epss
scoring_elements 0.10579
published_at 2026-04-24T12:55:00Z
7
value 0.00036
scoring_system epss
scoring_elements 0.10631
published_at 2026-04-21T12:55:00Z
8
value 0.00036
scoring_system epss
scoring_elements 0.10506
published_at 2026-04-18T12:55:00Z
9
value 0.00036
scoring_system epss
scoring_elements 0.10488
published_at 2026-04-16T12:55:00Z
10
value 0.00036
scoring_system epss
scoring_elements 0.10648
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13473
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/
url https://groups.google.com/g/django-announce
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436343
reference_id 2436343
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436343
11
reference_url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
reference_id GHSA-2mcm-79hx-8fxw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
12
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
13
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2025-13473, GHSA-2mcm-79hx-8fxw
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tfv-rtq7-2fg9
2
url VCID-4ztz-fq98-5fh1
vulnerability_id VCID-4ztz-fq98-5fh1
summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61092
published_at 2026-04-24T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61067
published_at 2026-04-08T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61025
published_at 2026-04-02T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.61053
published_at 2026-04-04T12:55:00Z
4
value 0.00406
scoring_system epss
scoring_elements 0.61019
published_at 2026-04-07T12:55:00Z
5
value 0.00406
scoring_system epss
scoring_elements 0.61103
published_at 2026-04-21T12:55:00Z
6
value 0.00406
scoring_system epss
scoring_elements 0.6112
published_at 2026-04-18T12:55:00Z
7
value 0.00406
scoring_system epss
scoring_elements 0.61113
published_at 2026-04-16T12:55:00Z
8
value 0.00406
scoring_system epss
scoring_elements 0.61071
published_at 2026-04-13T12:55:00Z
9
value 0.00406
scoring_system epss
scoring_elements 0.6109
published_at 2026-04-12T12:55:00Z
10
value 0.00406
scoring_system epss
scoring_elements 0.61104
published_at 2026-04-11T12:55:00Z
11
value 0.00406
scoring_system epss
scoring_elements 0.61083
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.2/releases/security
26
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
30
reference_url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
31
reference_url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
33
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21forum/django-announce
34
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
39
reference_url https://security.netapp.com/advisory/ntap-20231214-0002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0002
40
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
41
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
42
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
reference_id 1051226
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2237258
reference_id 2237258
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2237258
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
reference_id CVE-2023-41164
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
45
reference_url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
reference_id GHSA-7h4p-27mh-hmrw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
46
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
47
reference_url https://access.redhat.com/errata/RHSA-2023:5208
reference_id RHSA-2023:5208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5208
48
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
49
reference_url https://usn.ubuntu.com/6378-1/
reference_id USN-6378-1
reference_type
scores
url https://usn.ubuntu.com/6378-1/
50
reference_url https://usn.ubuntu.com/6414-2/
reference_id USN-6414-2
reference_type
scores
url https://usn.ubuntu.com/6414-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2023-41164, CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztz-fq98-5fh1
3
url VCID-7tph-k8q2-bue2
vulnerability_id VCID-7tph-k8q2-bue2
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41991
reference_id
reference_type
scores
0
value 0.0091
scoring_system epss
scoring_elements 0.75878
published_at 2026-04-24T12:55:00Z
1
value 0.0091
scoring_system epss
scoring_elements 0.75855
published_at 2026-04-18T12:55:00Z
2
value 0.0091
scoring_system epss
scoring_elements 0.75839
published_at 2026-04-21T12:55:00Z
3
value 0.0091
scoring_system epss
scoring_elements 0.75813
published_at 2026-04-13T12:55:00Z
4
value 0.0091
scoring_system epss
scoring_elements 0.7582
published_at 2026-04-12T12:55:00Z
5
value 0.0091
scoring_system epss
scoring_elements 0.75815
published_at 2026-04-09T12:55:00Z
6
value 0.0091
scoring_system epss
scoring_elements 0.75803
published_at 2026-04-08T12:55:00Z
7
value 0.0091
scoring_system epss
scoring_elements 0.7577
published_at 2026-04-07T12:55:00Z
8
value 0.0091
scoring_system epss
scoring_elements 0.75792
published_at 2026-04-04T12:55:00Z
9
value 0.0091
scoring_system epss
scoring_elements 0.75759
published_at 2026-04-02T12:55:00Z
10
value 0.0091
scoring_system epss
scoring_elements 0.75851
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41991
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
30
reference_url https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41991
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41991
34
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
35
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
36
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302435
reference_id 2302435
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302435
39
reference_url https://github.com/advisories/GHSA-r836-hh6v-rg5g
reference_id GHSA-r836-hh6v-rg5g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r836-hh6v-rg5g
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:7987
reference_id RHSA-2024:7987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7987
43
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
44
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2024-41991, CVE-2024-41991, GHSA-r836-hh6v-rg5g, PYSEC-2024-69
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tph-k8q2-bue2
4
url VCID-896g-hqec-ryb9
vulnerability_id VCID-896g-hqec-ryb9
summary An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48432
reference_id
reference_type
scores
0
value 0.00411
scoring_system epss
scoring_elements 0.61442
published_at 2026-04-24T12:55:00Z
1
value 0.00411
scoring_system epss
scoring_elements 0.61455
published_at 2026-04-21T12:55:00Z
2
value 0.00411
scoring_system epss
scoring_elements 0.61471
published_at 2026-04-18T12:55:00Z
3
value 0.00411
scoring_system epss
scoring_elements 0.61467
published_at 2026-04-16T12:55:00Z
4
value 0.00411
scoring_system epss
scoring_elements 0.61428
published_at 2026-04-13T12:55:00Z
5
value 0.00411
scoring_system epss
scoring_elements 0.61446
published_at 2026-04-12T12:55:00Z
6
value 0.00411
scoring_system epss
scoring_elements 0.6146
published_at 2026-04-11T12:55:00Z
7
value 0.00411
scoring_system epss
scoring_elements 0.61439
published_at 2026-04-09T12:55:00Z
8
value 0.00411
scoring_system epss
scoring_elements 0.61423
published_at 2026-04-08T12:55:00Z
9
value 0.00411
scoring_system epss
scoring_elements 0.61377
published_at 2026-04-07T12:55:00Z
10
value 0.00411
scoring_system epss
scoring_elements 0.61407
published_at 2026-04-04T12:55:00Z
11
value 0.00411
scoring_system epss
scoring_elements 0.61378
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48432
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://groups.google.com/g/django-announce
31
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48432
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48432
32
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases
33
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
34
reference_url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases
35
reference_url http://www.openwall.com/lists/oss-security/2025/06/04/5
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/04/5
36
reference_url http://www.openwall.com/lists/oss-security/2025/06/10/2
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/10/2
37
reference_url http://www.openwall.com/lists/oss-security/2025/06/10/3
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/10/3
38
reference_url http://www.openwall.com/lists/oss-security/2025/06/10/4
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/10/4
39
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282
reference_id 1107282
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282
40
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370365
reference_id 2370365
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370365
41
reference_url https://security.archlinux.org/ASA-202506-6
reference_id ASA-202506-6
reference_type
scores
url https://security.archlinux.org/ASA-202506-6
42
reference_url https://security.archlinux.org/AVG-2894
reference_id AVG-2894
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2894
43
reference_url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/
reference_id bugfix-releases
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/
44
reference_url https://github.com/advisories/GHSA-7xr5-9hcq-chf9
reference_id GHSA-7xr5-9hcq-chf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xr5-9hcq-chf9
45
reference_url https://access.redhat.com/errata/RHSA-2025:14686
reference_id RHSA-2025:14686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14686
46
reference_url https://access.redhat.com/errata/RHSA-2025:16487
reference_id RHSA-2025:16487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16487
47
reference_url https://usn.ubuntu.com/7555-1/
reference_id USN-7555-1
reference_type
scores
url https://usn.ubuntu.com/7555-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9
5
url VCID-8m4b-y4va-kqgm
vulnerability_id VCID-8m4b-y4va-kqgm
summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
reference_id
reference_type
scores
0
value 0.02194
scoring_system epss
scoring_elements 0.84423
published_at 2026-04-18T12:55:00Z
1
value 0.02194
scoring_system epss
scoring_elements 0.844
published_at 2026-04-13T12:55:00Z
2
value 0.02194
scoring_system epss
scoring_elements 0.84404
published_at 2026-04-12T12:55:00Z
3
value 0.0279
scoring_system epss
scoring_elements 0.86091
published_at 2026-04-11T12:55:00Z
4
value 0.0279
scoring_system epss
scoring_elements 0.86076
published_at 2026-04-09T12:55:00Z
5
value 0.0279
scoring_system epss
scoring_elements 0.86066
published_at 2026-04-08T12:55:00Z
6
value 0.0279
scoring_system epss
scoring_elements 0.86047
published_at 2026-04-04T12:55:00Z
7
value 0.0279
scoring_system epss
scoring_elements 0.86046
published_at 2026-04-07T12:55:00Z
8
value 0.0279
scoring_system epss
scoring_elements 0.86119
published_at 2026-04-24T12:55:00Z
9
value 0.0279
scoring_system epss
scoring_elements 0.86099
published_at 2026-04-21T12:55:00Z
10
value 0.0279
scoring_system epss
scoring_elements 0.8603
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.2/releases/security
26
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
30
reference_url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
31
reference_url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
33
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21forum/django-announce
34
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
39
reference_url https://security.netapp.com/advisory/ntap-20231221-0001
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231221-0001
40
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
41
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
42
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/03/04/1
43
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475
reference_id 1053475
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475
44
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2241046
reference_id 2241046
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2241046
45
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
reference_id CVE-2023-43665
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
46
reference_url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
reference_id GHSA-h8gc-pgj2-vjm3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
47
reference_url https://access.redhat.com/errata/RHSA-2023:6158
reference_id RHSA-2023:6158
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6158
48
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
49
reference_url https://usn.ubuntu.com/6414-1/
reference_id USN-6414-1
reference_type
scores
url https://usn.ubuntu.com/6414-1/
50
reference_url https://usn.ubuntu.com/6414-2/
reference_id USN-6414-2
reference_type
scores
url https://usn.ubuntu.com/6414-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2023-43665, CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m4b-y4va-kqgm
6
url VCID-8qu1-45n9-gyb1
vulnerability_id VCID-8qu1-45n9-gyb1
summary 
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01067
published_at 2026-04-11T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01083
published_at 2026-04-09T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01084
published_at 2026-04-08T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01079
published_at 2026-04-07T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01072
published_at 2026-04-04T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.01069
published_at 2026-04-02T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01541
published_at 2026-04-24T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01443
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01444
published_at 2026-04-13T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.01433
published_at 2026-04-16T12:55:00Z
10
value 0.00011
scoring_system epss
scoring_elements 0.01446
published_at 2026-04-18T12:55:00Z
11
value 0.00011
scoring_system epss
scoring_elements 0.01534
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
reference_id 2436339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
12
reference_url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
reference_id GHSA-gvg8-93h5-g6qq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
15
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
16
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
17
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
18
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
19
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
20
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2026-1287, GHSA-gvg8-93h5-g6qq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qu1-45n9-gyb1
7
url VCID-8xgs-8xjr-cber
vulnerability_id VCID-8xgs-8xjr-cber
summary An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24680
reference_id
reference_type
scores
0
value 0.01394
scoring_system epss
scoring_elements 0.80439
published_at 2026-04-24T12:55:00Z
1
value 0.01394
scoring_system epss
scoring_elements 0.80413
published_at 2026-04-21T12:55:00Z
2
value 0.01394
scoring_system epss
scoring_elements 0.8041
published_at 2026-04-18T12:55:00Z
3
value 0.01394
scoring_system epss
scoring_elements 0.80408
published_at 2026-04-16T12:55:00Z
4
value 0.01394
scoring_system epss
scoring_elements 0.80379
published_at 2026-04-13T12:55:00Z
5
value 0.01394
scoring_system epss
scoring_elements 0.80386
published_at 2026-04-12T12:55:00Z
6
value 0.01394
scoring_system epss
scoring_elements 0.80402
published_at 2026-04-11T12:55:00Z
7
value 0.01394
scoring_system epss
scoring_elements 0.80383
published_at 2026-04-09T12:55:00Z
8
value 0.01394
scoring_system epss
scoring_elements 0.80372
published_at 2026-04-08T12:55:00Z
9
value 0.01394
scoring_system epss
scoring_elements 0.80343
published_at 2026-04-07T12:55:00Z
10
value 0.01394
scoring_system epss
scoring_elements 0.80335
published_at 2026-04-02T12:55:00Z
11
value 0.01394
scoring_system epss
scoring_elements 0.80355
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24680
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/5.0/releases/security
26
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://docs.djangoproject.com/en/5.0/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
30
reference_url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
31
reference_url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
32
reference_url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
34
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://groups.google.com/forum/#%21forum/django-announce
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
42
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
43
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
44
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2261856
reference_id 2261856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2261856
45
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
reference_id D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
46
reference_url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
reference_id GHSA-xxj9-f6rv-m3x4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
47
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
48
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
49
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
50
reference_url https://access.redhat.com/errata/RHSA-2024:2731
reference_id RHSA-2024:2731
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2731
51
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
52
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
reference_id SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
53
reference_url https://usn.ubuntu.com/6623-1/
reference_id USN-6623-1
reference_type
scores
url https://usn.ubuntu.com/6623-1/
54
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
reference_id ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2024-24680, CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgs-8xjr-cber
8
url VCID-9abh-apwm-ebab
vulnerability_id VCID-9abh-apwm-ebab
summary An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32873
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.3734
published_at 2026-04-24T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37577
published_at 2026-04-21T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37659
published_at 2026-04-16T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37613
published_at 2026-04-13T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37641
published_at 2026-04-18T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37674
published_at 2026-04-11T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37661
published_at 2026-04-09T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37647
published_at 2026-04-08T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37596
published_at 2026-04-07T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37717
published_at 2026-04-04T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.37692
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32873
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0
30
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml
31
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/
url https://groups.google.com/g/django-announce
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32873
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32873
33
reference_url https://www.djangoproject.com/weblog/2025/may/07/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/may/07/security-releases
34
reference_url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/
url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
35
reference_url http://www.openwall.com/lists/oss-security/2025/05/07/1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/05/07/1
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872
reference_id 1104872
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364980
reference_id 2364980
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364980
38
reference_url https://security.archlinux.org/ASA-202505-10
reference_id ASA-202505-10
reference_type
scores
url https://security.archlinux.org/ASA-202505-10
39
reference_url https://security.archlinux.org/AVG-2876
reference_id AVG-2876
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2876
40
reference_url https://github.com/advisories/GHSA-8j24-cjrq-gr2m
reference_id GHSA-8j24-cjrq-gr2m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8j24-cjrq-gr2m
41
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
42
reference_url https://usn.ubuntu.com/7501-1/
reference_id USN-7501-1
reference_type
scores
url https://usn.ubuntu.com/7501-1/
43
reference_url https://usn.ubuntu.com/7501-2/
reference_id USN-7501-2
reference_type
scores
url https://usn.ubuntu.com/7501-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2025-32873, CVE-2025-32873, GHSA-8j24-cjrq-gr2m, PYSEC-2025-37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9abh-apwm-ebab
9
url VCID-9uzd-mmyv-mfh4
vulnerability_id VCID-9uzd-mmyv-mfh4
summary 
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64459
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.41087
published_at 2026-04-02T12:55:00Z
1
value 0.00256
scoring_system epss
scoring_elements 0.49031
published_at 2026-04-21T12:55:00Z
2
value 0.00256
scoring_system epss
scoring_elements 0.49016
published_at 2026-04-24T12:55:00Z
3
value 0.00576
scoring_system epss
scoring_elements 0.68774
published_at 2026-04-13T12:55:00Z
4
value 0.00576
scoring_system epss
scoring_elements 0.68747
published_at 2026-04-04T12:55:00Z
5
value 0.00576
scoring_system epss
scoring_elements 0.68776
published_at 2026-04-08T12:55:00Z
6
value 0.00576
scoring_system epss
scoring_elements 0.68795
published_at 2026-04-09T12:55:00Z
7
value 0.00576
scoring_system epss
scoring_elements 0.68818
published_at 2026-04-11T12:55:00Z
8
value 0.00576
scoring_system epss
scoring_elements 0.68804
published_at 2026-04-12T12:55:00Z
9
value 0.00576
scoring_system epss
scoring_elements 0.68724
published_at 2026-04-07T12:55:00Z
10
value 0.00642
scoring_system epss
scoring_elements 0.7064
published_at 2026-04-16T12:55:00Z
11
value 0.00642
scoring_system epss
scoring_elements 0.70648
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64459
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
27
reference_url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
28
reference_url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
29
reference_url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
30
reference_url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
31
reference_url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
32
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/
url https://groups.google.com/g/django-announce
33
reference_url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
34
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
reference_id 1120139
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
reference_id 2412651
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
37
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
reference_id CVE-2025-64459
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
reference_id CVE-2025-64459
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
39
reference_url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
reference_id GHSA-frmv-pr5f-9mcr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
40
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
41
reference_url https://access.redhat.com/errata/RHSA-2025:23070
reference_id RHSA-2025:23070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23070
42
reference_url https://access.redhat.com/errata/RHSA-2025:23130
reference_id RHSA-2025:23130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23130
43
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
44
reference_url https://access.redhat.com/errata/RHSA-2025:23133
reference_id RHSA-2025:23133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23133
45
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
46
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
47
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id security-releases
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
48
reference_url https://usn.ubuntu.com/7859-1/
reference_id USN-7859-1
reference_type
scores
url https://usn.ubuntu.com/7859-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2025-64459, GHSA-frmv-pr5f-9mcr
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4
10
url VCID-c6xy-v4sf-u3hn
vulnerability_id VCID-c6xy-v4sf-u3hn
summary 
Django vulnerable to partial directory traversal via archives
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59682
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05391
published_at 2026-04-24T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05353
published_at 2026-04-21T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05198
published_at 2026-04-18T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05196
published_at 2026-04-16T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05251
published_at 2026-04-13T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05265
published_at 2026-04-12T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05279
published_at 2026-04-11T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05314
published_at 2026-04-09T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05294
published_at 2026-04-08T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05258
published_at 2026-04-07T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05234
published_at 2026-04-04T12:55:00Z
11
value 0.0002
scoring_system epss
scoring_elements 0.05204
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59682
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
29
reference_url https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/
url https://groups.google.com/g/django-announce
31
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
32
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/10/01/3
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
reference_id 1116979
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2400450
reference_id 2400450
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2400450
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59682
reference_id CVE-2025-59682
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59682
36
reference_url https://github.com/advisories/GHSA-q95w-c7qg-hrff
reference_id GHSA-q95w-c7qg-hrff
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q95w-c7qg-hrff
37
reference_url https://access.redhat.com/errata/RHSA-2025:18979
reference_id RHSA-2025:18979
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18979
38
reference_url https://access.redhat.com/errata/RHSA-2025:18984
reference_id RHSA-2025:18984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18984
39
reference_url https://access.redhat.com/errata/RHSA-2025:19201
reference_id RHSA-2025:19201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19201
40
reference_url https://access.redhat.com/errata/RHSA-2025:19221
reference_id RHSA-2025:19221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19221
41
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
42
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
43
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
reference_id security-releases
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
44
reference_url https://usn.ubuntu.com/7794-1/
reference_id USN-7794-1
reference_type
scores
url https://usn.ubuntu.com/7794-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2025-59682, GHSA-q95w-c7qg-hrff
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xy-v4sf-u3hn
11
url VCID-e2jd-yd4j-kqgt
vulnerability_id VCID-e2jd-yd4j-kqgt
summary 
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45231
reference_id
reference_type
scores
0
value 0.00235
scoring_system epss
scoring_elements 0.46342
published_at 2026-04-24T12:55:00Z
1
value 0.00235
scoring_system epss
scoring_elements 0.4636
published_at 2026-04-21T12:55:00Z
2
value 0.00235
scoring_system epss
scoring_elements 0.46415
published_at 2026-04-18T12:55:00Z
3
value 0.00235
scoring_system epss
scoring_elements 0.46418
published_at 2026-04-16T12:55:00Z
4
value 0.00235
scoring_system epss
scoring_elements 0.46361
published_at 2026-04-13T12:55:00Z
5
value 0.00235
scoring_system epss
scoring_elements 0.4635
published_at 2026-04-12T12:55:00Z
6
value 0.00235
scoring_system epss
scoring_elements 0.46379
published_at 2026-04-11T12:55:00Z
7
value 0.00235
scoring_system epss
scoring_elements 0.46355
published_at 2026-04-09T12:55:00Z
8
value 0.00235
scoring_system epss
scoring_elements 0.46299
published_at 2026-04-07T12:55:00Z
9
value 0.00235
scoring_system epss
scoring_elements 0.46331
published_at 2026-04-02T12:55:00Z
10
value 0.00235
scoring_system epss
scoring_elements 0.46351
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45231
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca
29
reference_url https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2
30
reference_url https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
31
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/
url https://groups.google.com/forum/#%21forum/django-announce
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45231
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45231
33
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2314496
reference_id 2314496
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2314496
35
reference_url https://github.com/advisories/GHSA-rrqc-c2jx-6jgv
reference_id GHSA-rrqc-c2jx-6jgv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrqc-c2jx-6jgv
36
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
37
reference_url https://usn.ubuntu.com/6987-1/
reference_id USN-6987-1
reference_type
scores
url https://usn.ubuntu.com/6987-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt
12
url VCID-e87q-1j8h-93hh
vulnerability_id VCID-e87q-1j8h-93hh
summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56374
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24457
published_at 2026-04-24T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24532
published_at 2026-04-13T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.24512
published_at 2026-04-21T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.24537
published_at 2026-04-18T12:55:00Z
4
value 0.00084
scoring_system epss
scoring_elements 0.24545
published_at 2026-04-16T12:55:00Z
5
value 0.00084
scoring_system epss
scoring_elements 0.24586
published_at 2026-04-12T12:55:00Z
6
value 0.00084
scoring_system epss
scoring_elements 0.24629
published_at 2026-04-11T12:55:00Z
7
value 0.00084
scoring_system epss
scoring_elements 0.24612
published_at 2026-04-09T12:55:00Z
8
value 0.00084
scoring_system epss
scoring_elements 0.24567
published_at 2026-04-08T12:55:00Z
9
value 0.00084
scoring_system epss
scoring_elements 0.24496
published_at 2026-04-07T12:55:00Z
10
value 0.00084
scoring_system epss
scoring_elements 0.24724
published_at 2026-04-04T12:55:00Z
11
value 0.00084
scoring_system epss
scoring_elements 0.24686
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56374
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe
30
reference_url https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e
31
reference_url https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf
32
reference_url https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml
34
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/
url https://groups.google.com/g/django-announce
35
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html
36
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56374
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56374
37
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases
38
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
39
reference_url http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/01/14/2
40
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049
reference_id 1093049
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049
41
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2337996
reference_id 2337996
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2337996
42
reference_url https://github.com/advisories/GHSA-qcgg-j2x8-h9g8
reference_id GHSA-qcgg-j2x8-h9g8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcgg-j2x8-h9g8
43
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
44
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
45
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
46
reference_url https://access.redhat.com/errata/RHSA-2025:0782
reference_id RHSA-2025:0782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0782
47
reference_url https://access.redhat.com/errata/RHSA-2025:2399
reference_id RHSA-2025:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2399
48
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
49
reference_url https://usn.ubuntu.com/7205-1/
reference_id USN-7205-1
reference_type
scores
url https://usn.ubuntu.com/7205-1/
50
reference_url https://usn.ubuntu.com/7205-2/
reference_id USN-7205-2
reference_type
scores
url https://usn.ubuntu.com/7205-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2024-56374, CVE-2024-56374, GHSA-qcgg-j2x8-h9g8, PYSEC-2025-1
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e87q-1j8h-93hh
13
url VCID-jh1e-72hp-fuf4
vulnerability_id VCID-jh1e-72hp-fuf4
summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27351
reference_id
reference_type
scores
0
value 0.01855
scoring_system epss
scoring_elements 0.82977
published_at 2026-04-02T12:55:00Z
1
value 0.02611
scoring_system epss
scoring_elements 0.8567
published_at 2026-04-18T12:55:00Z
2
value 0.02611
scoring_system epss
scoring_elements 0.85665
published_at 2026-04-21T12:55:00Z
3
value 0.02611
scoring_system epss
scoring_elements 0.85599
published_at 2026-04-04T12:55:00Z
4
value 0.02611
scoring_system epss
scoring_elements 0.85604
published_at 2026-04-07T12:55:00Z
5
value 0.02611
scoring_system epss
scoring_elements 0.85624
published_at 2026-04-08T12:55:00Z
6
value 0.02611
scoring_system epss
scoring_elements 0.85642
published_at 2026-04-13T12:55:00Z
7
value 0.02611
scoring_system epss
scoring_elements 0.85646
published_at 2026-04-12T12:55:00Z
8
value 0.02611
scoring_system epss
scoring_elements 0.85635
published_at 2026-04-09T12:55:00Z
9
value 0.02611
scoring_system epss
scoring_elements 0.85687
published_at 2026-04-24T12:55:00Z
10
value 0.02611
scoring_system epss
scoring_elements 0.8565
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27351
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/5.0/releases/security
26
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://docs.djangoproject.com/en/5.0/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
30
reference_url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
31
reference_url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
33
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://groups.google.com/forum/#%21forum/django-announce
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
40
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
41
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
42
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
43
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url http://www.openwall.com/lists/oss-security/2024/03/04/1
44
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266045
reference_id 2266045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266045
45
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
reference_id D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
46
reference_url https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id GHSA-vm8q-m57g-pff3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vm8q-m57g-pff3
47
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
48
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
49
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
50
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
51
reference_url https://access.redhat.com/errata/RHSA-2025:4187
reference_id RHSA-2025:4187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4187
52
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
reference_id SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
53
reference_url https://usn.ubuntu.com/6674-1/
reference_id USN-6674-1
reference_type
scores
url https://usn.ubuntu.com/6674-1/
54
reference_url https://usn.ubuntu.com/6674-2/
reference_id USN-6674-2
reference_type
scores
url https://usn.ubuntu.com/6674-2/
55
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
reference_id ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jh1e-72hp-fuf4
14
url VCID-m91a-6235-nye9
vulnerability_id VCID-m91a-6235-nye9
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42005
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55775
published_at 2026-04-24T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.55848
published_at 2026-04-21T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.55809
published_at 2026-04-07T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.55807
published_at 2026-04-02T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.55829
published_at 2026-04-04T12:55:00Z
5
value 0.00328
scoring_system epss
scoring_elements 0.55852
published_at 2026-04-12T12:55:00Z
6
value 0.00328
scoring_system epss
scoring_elements 0.55873
published_at 2026-04-11T12:55:00Z
7
value 0.00328
scoring_system epss
scoring_elements 0.55863
published_at 2026-04-09T12:55:00Z
8
value 0.00328
scoring_system epss
scoring_elements 0.5586
published_at 2026-04-08T12:55:00Z
9
value 0.00328
scoring_system epss
scoring_elements 0.55874
published_at 2026-04-18T12:55:00Z
10
value 0.00328
scoring_system epss
scoring_elements 0.5587
published_at 2026-04-16T12:55:00Z
11
value 0.00328
scoring_system epss
scoring_elements 0.55834
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42005
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d
30
reference_url https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42005
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42005
34
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
35
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
36
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302436
reference_id 2302436
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302436
39
reference_url https://github.com/advisories/GHSA-pv4p-cwwg-4rph
reference_id GHSA-pv4p-cwwg-4rph
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pv4p-cwwg-4rph
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
44
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2024-42005, CVE-2024-42005, GHSA-pv4p-cwwg-4rph, PYSEC-2024-70
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m91a-6235-nye9
15
url VCID-msge-1mfu-7qfa
vulnerability_id VCID-msge-1mfu-7qfa
summary 
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01067
published_at 2026-04-11T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01083
published_at 2026-04-09T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01084
published_at 2026-04-08T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01079
published_at 2026-04-07T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01072
published_at 2026-04-04T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.01069
published_at 2026-04-02T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01541
published_at 2026-04-24T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01443
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01444
published_at 2026-04-13T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.01433
published_at 2026-04-16T12:55:00Z
10
value 0.00011
scoring_system epss
scoring_elements 0.01446
published_at 2026-04-18T12:55:00Z
11
value 0.00011
scoring_system epss
scoring_elements 0.01534
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
7
reference_url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/
url https://groups.google.com/g/django-announce
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
10
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
reference_id 2436342
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
13
reference_url https://github.com/advisories/GHSA-6426-9fv3-65x8
reference_id GHSA-6426-9fv3-65x8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6426-9fv3-65x8
14
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
15
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
16
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
17
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
18
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
19
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
20
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
21
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2026-1312, GHSA-6426-9fv3-65x8
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msge-1mfu-7qfa
16
url VCID-mux4-uv98-hbbw
vulnerability_id VCID-mux4-uv98-hbbw
summary 
Django vulnerable to SQL injection in column aliases
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59681
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02008
published_at 2026-04-24T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02022
published_at 2026-04-21T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.01937
published_at 2026-04-18T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.01935
published_at 2026-04-16T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.01955
published_at 2026-04-13T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.01959
published_at 2026-04-12T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.01991
published_at 2026-04-09T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.01974
published_at 2026-04-11T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.01975
published_at 2026-04-08T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.01962
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59681
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
29
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/
url https://groups.google.com/g/django-announce
31
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
32
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/10/01/3
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
reference_id 1116979
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2400449
reference_id 2400449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2400449
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
reference_id CVE-2025-59681
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
36
reference_url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
reference_id GHSA-hpr9-3m2g-3j9p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
37
reference_url https://access.redhat.com/errata/RHSA-2025:18984
reference_id RHSA-2025:18984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18984
38
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
39
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
40
reference_url https://usn.ubuntu.com/7794-1/
reference_id USN-7794-1
reference_type
scores
url https://usn.ubuntu.com/7794-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2025-59681, GHSA-hpr9-3m2g-3j9p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mux4-uv98-hbbw
17
url VCID-q12d-kv8p-8ff7
vulnerability_id VCID-q12d-kv8p-8ff7
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39329
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37652
published_at 2026-04-02T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37533
published_at 2026-04-21T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37596
published_at 2026-04-18T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37615
published_at 2026-04-16T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37676
published_at 2026-04-04T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37599
published_at 2026-04-12T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37607
published_at 2026-04-08T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37619
published_at 2026-04-09T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37632
published_at 2026-04-11T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37571
published_at 2026-04-13T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.37555
published_at 2026-04-07T12:55:00Z
11
value 0.00166
scoring_system epss
scoring_elements 0.37386
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39329
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b
30
reference_url https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39329
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39329
34
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
35
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
36
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295936
reference_id 2295936
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295936
39
reference_url https://github.com/advisories/GHSA-x7q2-wr7g-xqmf
reference_id GHSA-x7q2-wr7g-xqmf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7q2-wr7g-xqmf
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
44
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
45
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2024-39329, CVE-2024-39329, GHSA-x7q2-wr7g-xqmf, PYSEC-2024-57
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q12d-kv8p-8ff7
18
url VCID-u3zk-tff2-aua9
vulnerability_id VCID-u3zk-tff2-aua9
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39614
reference_id
reference_type
scores
0
value 0.06838
scoring_system epss
scoring_elements 0.91339
published_at 2026-04-09T12:55:00Z
1
value 0.06838
scoring_system epss
scoring_elements 0.91382
published_at 2026-04-24T12:55:00Z
2
value 0.06838
scoring_system epss
scoring_elements 0.91371
published_at 2026-04-18T12:55:00Z
3
value 0.06838
scoring_system epss
scoring_elements 0.91373
published_at 2026-04-21T12:55:00Z
4
value 0.06838
scoring_system epss
scoring_elements 0.91348
published_at 2026-04-13T12:55:00Z
5
value 0.06838
scoring_system epss
scoring_elements 0.91349
published_at 2026-04-12T12:55:00Z
6
value 0.06838
scoring_system epss
scoring_elements 0.91346
published_at 2026-04-11T12:55:00Z
7
value 0.06838
scoring_system epss
scoring_elements 0.91334
published_at 2026-04-08T12:55:00Z
8
value 0.06838
scoring_system epss
scoring_elements 0.91321
published_at 2026-04-07T12:55:00Z
9
value 0.06838
scoring_system epss
scoring_elements 0.91314
published_at 2026-04-04T12:55:00Z
10
value 0.06838
scoring_system epss
scoring_elements 0.91304
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39614
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
30
reference_url https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39614
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39614
34
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
35
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
36
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295938
reference_id 2295938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295938
39
reference_url https://github.com/advisories/GHSA-f6f8-9mx6-9mx2
reference_id GHSA-f6f8-9mx6-9mx2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f6f8-9mx6-9mx2
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
44
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
45
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
46
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2024-39614, CVE-2024-39614, GHSA-f6f8-9mx6-9mx2, PYSEC-2024-59
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3zk-tff2-aua9
19
url VCID-ukkt-wgau-t3et
vulnerability_id VCID-ukkt-wgau-t3et
summary 
Django is vulnerable to DoS via XML serializer text extraction
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64460
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19807
published_at 2026-04-02T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.22158
published_at 2026-04-24T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.225
published_at 2026-04-04T12:55:00Z
3
value 0.00074
scoring_system epss
scoring_elements 0.22288
published_at 2026-04-07T12:55:00Z
4
value 0.00074
scoring_system epss
scoring_elements 0.2237
published_at 2026-04-08T12:55:00Z
5
value 0.00074
scoring_system epss
scoring_elements 0.22425
published_at 2026-04-09T12:55:00Z
6
value 0.00074
scoring_system epss
scoring_elements 0.22447
published_at 2026-04-11T12:55:00Z
7
value 0.00074
scoring_system epss
scoring_elements 0.22405
published_at 2026-04-12T12:55:00Z
8
value 0.00074
scoring_system epss
scoring_elements 0.22349
published_at 2026-04-13T12:55:00Z
9
value 0.00074
scoring_system epss
scoring_elements 0.22365
published_at 2026-04-16T12:55:00Z
10
value 0.00074
scoring_system epss
scoring_elements 0.2236
published_at 2026-04-18T12:55:00Z
11
value 0.00074
scoring_system epss
scoring_elements 0.22308
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64460
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
29
reference_url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
30
reference_url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
31
reference_url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
32
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/
url https://groups.google.com/g/django-announce
33
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
reference_id 1121788
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
35
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418366
reference_id 2418366
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418366
36
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
reference_id CVE-2025-64460
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
37
reference_url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
reference_id GHSA-vrcr-9hj9-jcg6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
38
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
39
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
40
reference_url https://access.redhat.com/errata/RHSA-2026:1497
reference_id RHSA-2026:1497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1497
41
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
42
reference_url https://access.redhat.com/errata/RHSA-2026:1599
reference_id RHSA-2026:1599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1599
43
reference_url https://access.redhat.com/errata/RHSA-2026:1609
reference_id RHSA-2026:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1609
44
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
45
reference_url https://usn.ubuntu.com/7903-1/
reference_id USN-7903-1
reference_type
scores
url https://usn.ubuntu.com/7903-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2025-64460, GHSA-vrcr-9hj9-jcg6
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkt-wgau-t3et
20
url VCID-v1xr-z4zu-yfb4
vulnerability_id VCID-v1xr-z4zu-yfb4
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41989
reference_id
reference_type
scores
0
value 0.01386
scoring_system epss
scoring_elements 0.80387
published_at 2026-04-24T12:55:00Z
1
value 0.01386
scoring_system epss
scoring_elements 0.80361
published_at 2026-04-21T12:55:00Z
2
value 0.01386
scoring_system epss
scoring_elements 0.80331
published_at 2026-04-12T12:55:00Z
3
value 0.01386
scoring_system epss
scoring_elements 0.80354
published_at 2026-04-16T12:55:00Z
4
value 0.01386
scoring_system epss
scoring_elements 0.80324
published_at 2026-04-13T12:55:00Z
5
value 0.01386
scoring_system epss
scoring_elements 0.80346
published_at 2026-04-11T12:55:00Z
6
value 0.01386
scoring_system epss
scoring_elements 0.80327
published_at 2026-04-09T12:55:00Z
7
value 0.01386
scoring_system epss
scoring_elements 0.80316
published_at 2026-04-08T12:55:00Z
8
value 0.01386
scoring_system epss
scoring_elements 0.80288
published_at 2026-04-07T12:55:00Z
9
value 0.01386
scoring_system epss
scoring_elements 0.803
published_at 2026-04-04T12:55:00Z
10
value 0.01386
scoring_system epss
scoring_elements 0.80279
published_at 2026-04-02T12:55:00Z
11
value 0.01386
scoring_system epss
scoring_elements 0.80356
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41989
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
30
reference_url https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41989
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41989
34
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
35
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
36
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302433
reference_id 2302433
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302433
39
reference_url https://github.com/advisories/GHSA-jh75-99hh-qvx9
reference_id GHSA-jh75-99hh-qvx9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh75-99hh-qvx9
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8534
reference_id RHSA-2024:8534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8534
43
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
44
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2024-41989, CVE-2024-41989, GHSA-jh75-99hh-qvx9, PYSEC-2024-67
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xr-z4zu-yfb4
21
url VCID-w4pr-k5nj-ckgy
vulnerability_id VCID-w4pr-k5nj-ckgy
summary 
Django is subject to SQL injection through its column aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57833
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.0574
published_at 2026-04-24T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05586
published_at 2026-04-13T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.05706
published_at 2026-04-21T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.05549
published_at 2026-04-18T12:55:00Z
4
value 0.00021
scoring_system epss
scoring_elements 0.05535
published_at 2026-04-16T12:55:00Z
5
value 0.00021
scoring_system epss
scoring_elements 0.05593
published_at 2026-04-12T12:55:00Z
6
value 0.00021
scoring_system epss
scoring_elements 0.05603
published_at 2026-04-11T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.05631
published_at 2026-04-09T12:55:00Z
8
value 0.00022
scoring_system epss
scoring_elements 0.05834
published_at 2026-04-04T12:55:00Z
9
value 0.00022
scoring_system epss
scoring_elements 0.05798
published_at 2026-04-02T12:55:00Z
10
value 0.00022
scoring_system epss
scoring_elements 0.05868
published_at 2026-04-08T12:55:00Z
11
value 0.00022
scoring_system epss
scoring_elements 0.05828
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57833
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5
29
reference_url https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
30
reference_url https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243
31
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://groups.google.com/g/django-announce
32
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
33
reference_url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57833
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57833
35
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases
36
reference_url http://www.openwall.com/lists/oss-security/2025/09/03/3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/09/03/3
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865
reference_id 1113865
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392990
reference_id 2392990
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2392990
39
reference_url https://github.com/advisories/GHSA-6w2r-r2m5-xq5w
reference_id GHSA-6w2r-r2m5-xq5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6w2r-r2m5-xq5w
40
reference_url https://access.redhat.com/errata/RHSA-2025:16403
reference_id RHSA-2025:16403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16403
41
reference_url https://access.redhat.com/errata/RHSA-2025:16404
reference_id RHSA-2025:16404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16404
42
reference_url https://access.redhat.com/errata/RHSA-2025:16487
reference_id RHSA-2025:16487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16487
43
reference_url https://access.redhat.com/errata/RHSA-2025:16514
reference_id RHSA-2025:16514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16514
44
reference_url https://access.redhat.com/errata/RHSA-2025:17498
reference_id RHSA-2025:17498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17498
45
reference_url https://access.redhat.com/errata/RHSA-2025:17499
reference_id RHSA-2025:17499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17499
46
reference_url https://access.redhat.com/errata/RHSA-2025:17500
reference_id RHSA-2025:17500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17500
47
reference_url https://access.redhat.com/errata/RHSA-2025:17606
reference_id RHSA-2025:17606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17606
48
reference_url https://access.redhat.com/errata/RHSA-2025:17613
reference_id RHSA-2025:17613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17613
49
reference_url https://access.redhat.com/errata/RHSA-2025:17614
reference_id RHSA-2025:17614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17614
50
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
51
reference_url https://usn.ubuntu.com/7736-1/
reference_id USN-7736-1
reference_type
scores
url https://usn.ubuntu.com/7736-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2025-57833, GHSA-6w2r-r2m5-xq5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy
22
url VCID-wwa5-mhgu-9khz
vulnerability_id VCID-wwa5-mhgu-9khz
summary 
Django denial-of-service in django.utils.html.strip_tags()
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53907
reference_id
reference_type
scores
0
value 0.01038
scoring_system epss
scoring_elements 0.77477
published_at 2026-04-24T12:55:00Z
1
value 0.01038
scoring_system epss
scoring_elements 0.77442
published_at 2026-04-21T12:55:00Z
2
value 0.01038
scoring_system epss
scoring_elements 0.7745
published_at 2026-04-18T12:55:00Z
3
value 0.01038
scoring_system epss
scoring_elements 0.77452
published_at 2026-04-16T12:55:00Z
4
value 0.01038
scoring_system epss
scoring_elements 0.77364
published_at 2026-04-02T12:55:00Z
5
value 0.01038
scoring_system epss
scoring_elements 0.77371
published_at 2026-04-07T12:55:00Z
6
value 0.01038
scoring_system epss
scoring_elements 0.7739
published_at 2026-04-04T12:55:00Z
7
value 0.01038
scoring_system epss
scoring_elements 0.77412
published_at 2026-04-13T12:55:00Z
8
value 0.01038
scoring_system epss
scoring_elements 0.77416
published_at 2026-04-12T12:55:00Z
9
value 0.01038
scoring_system epss
scoring_elements 0.77436
published_at 2026-04-11T12:55:00Z
10
value 0.01038
scoring_system epss
scoring_elements 0.7741
published_at 2026-04-09T12:55:00Z
11
value 0.01038
scoring_system epss
scoring_elements 0.774
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53907
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml
29
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/
url https://groups.google.com/g/django-announce
30
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
31
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53907
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53907
32
reference_url https://www.djangoproject.com/weblog/2024/dec/04/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/dec/04/security-releases
33
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/
url https://www.openwall.com/lists/oss-security/2024/12/04/3
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2329288
reference_id 2329288
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2329288
35
reference_url https://github.com/advisories/GHSA-8498-2h75-472j
reference_id GHSA-8498-2h75-472j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8498-2h75-472j
36
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
37
reference_url https://access.redhat.com/errata/RHSA-2024:11144
reference_id RHSA-2024:11144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11144
38
reference_url https://access.redhat.com/errata/RHSA-2024:11146
reference_id RHSA-2024:11146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11146
39
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
40
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
41
reference_url https://usn.ubuntu.com/7136-1/
reference_id USN-7136-1
reference_type
scores
url https://usn.ubuntu.com/7136-1/
42
reference_url https://usn.ubuntu.com/7136-2/
reference_id USN-7136-2
reference_type
scores
url https://usn.ubuntu.com/7136-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2024-53907, GHSA-8498-2h75-472j
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwa5-mhgu-9khz
23
url VCID-xgv1-s2ek-q3dp
vulnerability_id VCID-xgv1-s2ek-q3dp
summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26699
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52132
published_at 2026-04-24T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52185
published_at 2026-04-21T12:55:00Z
2
value 0.00287
scoring_system epss
scoring_elements 0.52203
published_at 2026-04-18T12:55:00Z
3
value 0.00287
scoring_system epss
scoring_elements 0.52199
published_at 2026-04-16T12:55:00Z
4
value 0.01596
scoring_system epss
scoring_elements 0.81624
published_at 2026-04-02T12:55:00Z
5
value 0.01596
scoring_system epss
scoring_elements 0.81646
published_at 2026-04-04T12:55:00Z
6
value 0.01596
scoring_system epss
scoring_elements 0.81643
published_at 2026-04-07T12:55:00Z
7
value 0.01596
scoring_system epss
scoring_elements 0.8167
published_at 2026-04-08T12:55:00Z
8
value 0.01596
scoring_system epss
scoring_elements 0.81675
published_at 2026-04-09T12:55:00Z
9
value 0.01596
scoring_system epss
scoring_elements 0.81695
published_at 2026-04-11T12:55:00Z
10
value 0.01596
scoring_system epss
scoring_elements 0.81682
published_at 2026-04-12T12:55:00Z
11
value 0.01596
scoring_system epss
scoring_elements 0.81676
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26699
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/
url https://groups.google.com/g/django-announce
31
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26699
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26699
33
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases
34
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
35
reference_url http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/03/06/12
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682
reference_id 1099682
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2348993
reference_id 2348993
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2348993
38
reference_url https://github.com/advisories/GHSA-p3fp-8748-vqfq
reference_id GHSA-p3fp-8748-vqfq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3fp-8748-vqfq
39
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
40
reference_url https://access.redhat.com/errata/RHSA-2025:3160
reference_id RHSA-2025:3160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3160
41
reference_url https://access.redhat.com/errata/RHSA-2025:3162
reference_id RHSA-2025:3162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3162
42
reference_url https://access.redhat.com/errata/RHSA-2025:3709
reference_id RHSA-2025:3709
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3709
43
reference_url https://access.redhat.com/errata/RHSA-2025:4553
reference_id RHSA-2025:4553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4553
44
reference_url https://access.redhat.com/errata/RHSA-2025:8609
reference_id RHSA-2025:8609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8609
45
reference_url https://usn.ubuntu.com/7335-1/
reference_id USN-7335-1
reference_type
scores
url https://usn.ubuntu.com/7335-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2025-26699, CVE-2025-26699, GHSA-p3fp-8748-vqfq, PYSEC-2025-13
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv1-s2ek-q3dp
24
url VCID-ysyp-h7ja-yff3
vulnerability_id VCID-ysyp-h7ja-yff3
summary 
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
reference_id
reference_type
scores
0
value 0.03841
scoring_system epss
scoring_elements 0.88146
published_at 2026-04-04T12:55:00Z
1
value 0.03841
scoring_system epss
scoring_elements 0.88188
published_at 2026-04-11T12:55:00Z
2
value 0.03841
scoring_system epss
scoring_elements 0.88178
published_at 2026-04-09T12:55:00Z
3
value 0.03841
scoring_system epss
scoring_elements 0.88172
published_at 2026-04-08T12:55:00Z
4
value 0.03841
scoring_system epss
scoring_elements 0.88153
published_at 2026-04-07T12:55:00Z
5
value 0.04424
scoring_system epss
scoring_elements 0.89061
published_at 2026-04-24T12:55:00Z
6
value 0.04424
scoring_system epss
scoring_elements 0.89043
published_at 2026-04-21T12:55:00Z
7
value 0.04424
scoring_system epss
scoring_elements 0.89048
published_at 2026-04-18T12:55:00Z
8
value 0.04424
scoring_system epss
scoring_elements 0.89035
published_at 2026-04-13T12:55:00Z
9
value 0.04424
scoring_system epss
scoring_elements 0.89037
published_at 2026-04-12T12:55:00Z
10
value 0.05126
scoring_system epss
scoring_elements 0.8982
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
reference_id 2436338
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
12
reference_url https://github.com/advisories/GHSA-mwm9-4648-f68q
reference_id GHSA-mwm9-4648-f68q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwm9-4648-f68q
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
15
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
16
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
17
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
18
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
19
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
20
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases CVE-2026-1207, GHSA-mwm9-4648-f68q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyp-h7ja-yff3
25
url VCID-z27q-zfpz-ckby
vulnerability_id VCID-z27q-zfpz-ckby
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39330
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40454
published_at 2026-04-08T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40261
published_at 2026-04-24T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.4037
published_at 2026-04-21T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40445
published_at 2026-04-18T12:55:00Z
4
value 0.00186
scoring_system epss
scoring_elements 0.40476
published_at 2026-04-16T12:55:00Z
5
value 0.00186
scoring_system epss
scoring_elements 0.4048
published_at 2026-04-04T12:55:00Z
6
value 0.00186
scoring_system epss
scoring_elements 0.40402
published_at 2026-04-07T12:55:00Z
7
value 0.00186
scoring_system epss
scoring_elements 0.40465
published_at 2026-04-09T12:55:00Z
8
value 0.00186
scoring_system epss
scoring_elements 0.40486
published_at 2026-04-11T12:55:00Z
9
value 0.00186
scoring_system epss
scoring_elements 0.40448
published_at 2026-04-12T12:55:00Z
10
value 0.00186
scoring_system epss
scoring_elements 0.40429
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39330
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
30
reference_url https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39330
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39330
34
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
35
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
36
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295937
reference_id 2295937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295937
39
reference_url https://github.com/advisories/GHSA-9jmf-237g-qf46
reference_id GHSA-9jmf-237g-qf46
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jmf-237g-qf46
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
44
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
45
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fs3-2msx-9kev
1
vulnerability VCID-1v22-g646-wbay
2
vulnerability VCID-27wt-wmzc-1bc2
3
vulnerability VCID-28g3-ubx6-ebff
4
vulnerability VCID-2tfv-rtq7-2fg9
5
vulnerability VCID-2zb9-27sm-3kgh
6
vulnerability VCID-42x9-8c3c-bug1
7
vulnerability VCID-438j-ce4y-zkan
8
vulnerability VCID-4ztz-fq98-5fh1
9
vulnerability VCID-56na-n4w5-8fak
10
vulnerability VCID-66w1-4zku-gyfp
11
vulnerability VCID-6gss-ppm5-3yc9
12
vulnerability VCID-7tca-pgcs-cuhd
13
vulnerability VCID-7tph-k8q2-bue2
14
vulnerability VCID-896g-hqec-ryb9
15
vulnerability VCID-8jaq-53td-wbeg
16
vulnerability VCID-8m4b-y4va-kqgm
17
vulnerability VCID-8qu1-45n9-gyb1
18
vulnerability VCID-8xgs-8xjr-cber
19
vulnerability VCID-9abh-apwm-ebab
20
vulnerability VCID-9k9t-vp1a-z7bt
21
vulnerability VCID-9uzd-mmyv-mfh4
22
vulnerability VCID-a8zx-jamf-cfcm
23
vulnerability VCID-c2kc-1jh1-j3ha
24
vulnerability VCID-c6xy-v4sf-u3hn
25
vulnerability VCID-c8s7-3g9m-d3cw
26
vulnerability VCID-e2jd-yd4j-kqgt
27
vulnerability VCID-e87q-1j8h-93hh
28
vulnerability VCID-gp5e-nguh-5fdk
29
vulnerability VCID-hwa2-n7a2-pyg1
30
vulnerability VCID-j4br-4y39-s3gs
31
vulnerability VCID-jae8-w85w-cyfu
32
vulnerability VCID-jh1e-72hp-fuf4
33
vulnerability VCID-jtru-9jmz-kkek
34
vulnerability VCID-kypj-ptb9-8qhz
35
vulnerability VCID-m91a-6235-nye9
36
vulnerability VCID-mmay-juu6-5ua9
37
vulnerability VCID-msge-1mfu-7qfa
38
vulnerability VCID-mux4-uv98-hbbw
39
vulnerability VCID-mv1p-yxvp-pbh6
40
vulnerability VCID-mzdk-m12w-q3fc
41
vulnerability VCID-nese-5485-hkbs
42
vulnerability VCID-pa75-6avj-duf7
43
vulnerability VCID-q12d-kv8p-8ff7
44
vulnerability VCID-qjez-qe32-e3b6
45
vulnerability VCID-qm34-ec8s-tfd7
46
vulnerability VCID-t6uc-dfrd-jyfg
47
vulnerability VCID-th9v-dk98-3kea
48
vulnerability VCID-u3zk-tff2-aua9
49
vulnerability VCID-u7m5-tzv2-c7hn
50
vulnerability VCID-ukkt-wgau-t3et
51
vulnerability VCID-ume2-wt6y-jye7
52
vulnerability VCID-upy5-adtx-n7hg
53
vulnerability VCID-v1xr-z4zu-yfb4
54
vulnerability VCID-v4ad-xxy8-wfc9
55
vulnerability VCID-vwt9-q3dt-vbfg
56
vulnerability VCID-w2dv-u8h6-sbgs
57
vulnerability VCID-w4pr-k5nj-ckgy
58
vulnerability VCID-w6k8-js68-87g4
59
vulnerability VCID-wb34-g6xq-rkfx
60
vulnerability VCID-wkrc-62bd-bbgx
61
vulnerability VCID-wwa5-mhgu-9khz
62
vulnerability VCID-wz1q-1tjp-4qhw
63
vulnerability VCID-x664-bfna-6qdv
64
vulnerability VCID-xaqg-mhqa-7keg
65
vulnerability VCID-xgv1-s2ek-q3dp
66
vulnerability VCID-ypub-ukuh-p3aw
67
vulnerability VCID-ysyp-h7ja-yff3
68
vulnerability VCID-z27q-zfpz-ckby
69
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-28g3-ubx6-ebff
2
vulnerability VCID-2tfv-rtq7-2fg9
3
vulnerability VCID-2zb9-27sm-3kgh
4
vulnerability VCID-42x9-8c3c-bug1
5
vulnerability VCID-4ztz-fq98-5fh1
6
vulnerability VCID-66w1-4zku-gyfp
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7tca-pgcs-cuhd
9
vulnerability VCID-7tph-k8q2-bue2
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8m4b-y4va-kqgm
13
vulnerability VCID-8qu1-45n9-gyb1
14
vulnerability VCID-8xgs-8xjr-cber
15
vulnerability VCID-9abh-apwm-ebab
16
vulnerability VCID-9k9t-vp1a-z7bt
17
vulnerability VCID-9uzd-mmyv-mfh4
18
vulnerability VCID-a8zx-jamf-cfcm
19
vulnerability VCID-c2kc-1jh1-j3ha
20
vulnerability VCID-c6xy-v4sf-u3hn
21
vulnerability VCID-c8s7-3g9m-d3cw
22
vulnerability VCID-e2jd-yd4j-kqgt
23
vulnerability VCID-e87q-1j8h-93hh
24
vulnerability VCID-gp5e-nguh-5fdk
25
vulnerability VCID-hwa2-n7a2-pyg1
26
vulnerability VCID-j4br-4y39-s3gs
27
vulnerability VCID-jh1e-72hp-fuf4
28
vulnerability VCID-jtru-9jmz-kkek
29
vulnerability VCID-kypj-ptb9-8qhz
30
vulnerability VCID-m91a-6235-nye9
31
vulnerability VCID-mmay-juu6-5ua9
32
vulnerability VCID-msge-1mfu-7qfa
33
vulnerability VCID-mux4-uv98-hbbw
34
vulnerability VCID-mzdk-m12w-q3fc
35
vulnerability VCID-nese-5485-hkbs
36
vulnerability VCID-pa75-6avj-duf7
37
vulnerability VCID-q12d-kv8p-8ff7
38
vulnerability VCID-qm34-ec8s-tfd7
39
vulnerability VCID-t6uc-dfrd-jyfg
40
vulnerability VCID-th9v-dk98-3kea
41
vulnerability VCID-u3zk-tff2-aua9
42
vulnerability VCID-u7m5-tzv2-c7hn
43
vulnerability VCID-ukkt-wgau-t3et
44
vulnerability VCID-ume2-wt6y-jye7
45
vulnerability VCID-upy5-adtx-n7hg
46
vulnerability VCID-v1xr-z4zu-yfb4
47
vulnerability VCID-v4ad-xxy8-wfc9
48
vulnerability VCID-w2dv-u8h6-sbgs
49
vulnerability VCID-w4pr-k5nj-ckgy
50
vulnerability VCID-w6k8-js68-87g4
51
vulnerability VCID-wb34-g6xq-rkfx
52
vulnerability VCID-wkrc-62bd-bbgx
53
vulnerability VCID-wwa5-mhgu-9khz
54
vulnerability VCID-wz1q-1tjp-4qhw
55
vulnerability VCID-xgv1-s2ek-q3dp
56
vulnerability VCID-ypub-ukuh-p3aw
57
vulnerability VCID-ysyp-h7ja-yff3
58
vulnerability VCID-z27q-zfpz-ckby
59
vulnerability VCID-z8z1-cjee-kfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1
aliases BIT-django-2024-39330, CVE-2024-39330, GHSA-9jmf-237g-qf46, PYSEC-2024-58
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z27q-zfpz-ckby
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1