Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1049561?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "type": "deb", "namespace": "debian", "name": "python-django", "version": "3:3.2.19-1+deb12u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3:3.2.25-0+deb12u2", "latest_non_vulnerable_version": "3:4.2.30-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350036?format=api", "vulnerability_id": "VCID-1adz-zw3h-pqek", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03059", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10679", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10735", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14521", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14623", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14514", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3902" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:14:03Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455935", "reference_id": "2455935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455935" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3902", "reference_id": "CVE-2026-3902", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3902" }, { "reference_url": "https://github.com/advisories/GHSA-mvfq-ggxm-9mc5", "reference_id": "GHSA-mvfq-ggxm-9mc5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mvfq-ggxm-9mc5" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:14:03Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054435?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059931?format=api", "purl": "pkg:deb/debian/python-django@3:4.2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1" } ], "aliases": [ "CVE-2026-3902", "GHSA-mvfq-ggxm-9mc5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1adz-zw3h-pqek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350037?format=api", "vulnerability_id": "VCID-46pv-pzsu-jucd", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01049", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01936", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01934", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02007", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02021", "published_at": "2026-04-21T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00676", "published_at": "2026-04-08T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00661", "published_at": "2026-04-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00667", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00668", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4292" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4292", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4292" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:12:50Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455941", "reference_id": "2455941", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455941" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4292", "reference_id": "CVE-2026-4292", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4292" }, { "reference_url": "https://github.com/advisories/GHSA-mmwr-2jhp-mc7j", "reference_id": "GHSA-mmwr-2jhp-mc7j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mmwr-2jhp-mc7j" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:12:50Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" }, { "reference_url": "https://usn.ubuntu.com/8154-2/", "reference_id": "USN-8154-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054435?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059931?format=api", "purl": "pkg:deb/debian/python-django@3:4.2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1" } ], "aliases": [ "CVE-2026-4292", "GHSA-mmwr-2jhp-mc7j" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46pv-pzsu-jucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24731?format=api", "vulnerability_id": "VCID-ac4c-321h-tqfk", "summary": "Django has a Race Condition vulnerability\nAn issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.\n\nRace condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments.\n\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Tarek Nakkouch for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25674.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01096", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01377", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01289", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01297", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01303", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01319", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01316", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01311", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01299", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01387", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25674" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:27:07Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25674" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/mar/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/mar/03/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129595", "reference_id": "1129595", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444111", "reference_id": "2444111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444111" }, { "reference_url": "https://github.com/advisories/GHSA-mjgh-79qc-68w3", "reference_id": "GHSA-mjgh-79qc-68w3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mjgh-79qc-68w3" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/mar/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:27:07Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/mar/03/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054435?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1056735?format=api", "purl": "pkg:deb/debian/python-django@3:4.2.29-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-ssut-reka-r3f8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059931?format=api", "purl": "pkg:deb/debian/python-django@3:4.2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1" } ], "aliases": [ "CVE-2026-25674", "GHSA-mjgh-79qc-68w3" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ac4c-321h-tqfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350035?format=api", "vulnerability_id": "VCID-ff2a-at5f-2qa8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12933", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12909", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2712", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27116", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29376", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32886", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32864", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33033" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33033" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:21:08Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455962", "reference_id": "2455962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455962" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33033", "reference_id": "CVE-2026-33033", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33033" }, { "reference_url": "https://github.com/advisories/GHSA-5mf9-h53q-7mhq", "reference_id": "GHSA-5mf9-h53q-7mhq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mf9-h53q-7mhq" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:21:08Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" }, { "reference_url": "https://usn.ubuntu.com/8154-2/", "reference_id": "USN-8154-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054435?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059931?format=api", "purl": "pkg:deb/debian/python-django@3:4.2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1" } ], "aliases": [ "CVE-2026-33033", "GHSA-5mf9-h53q-7mhq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ff2a-at5f-2qa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350033?format=api", "vulnerability_id": "VCID-gfym-spzk-w7gk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01986", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0197", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05434", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05474", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12281", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12317", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16578", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17458", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17449", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4277" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455939", "reference_id": "2455939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455939" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4277", "reference_id": "CVE-2026-4277", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4277" }, { "reference_url": "https://github.com/advisories/GHSA-pwjp-ccjc-ghwg", "reference_id": "GHSA-pwjp-ccjc-ghwg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwjp-ccjc-ghwg" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" }, { "reference_url": "https://usn.ubuntu.com/8154-2/", "reference_id": "USN-8154-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054435?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059931?format=api", "purl": "pkg:deb/debian/python-django@3:4.2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1" } ], "aliases": [ "CVE-2026-4277", "GHSA-pwjp-ccjc-ghwg" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfym-spzk-w7gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13208?format=api", "vulnerability_id": "VCID-jzae-1awh-k7cm", "summary": "An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55985", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55907", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55981", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56006", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56003", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55967", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56005", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55994", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55992", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55962", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55941", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38875" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:43:12Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/7285644640f085f41d60ab0c8ae4e9153f0485db", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/7285644640f085f41d60ab0c8ae4e9153f0485db" }, { "reference_url": "https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-56.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:43:12Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38875", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38875" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240808-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240808-0005" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:43:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069", "reference_id": "1076069", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295935", "reference_id": "2295935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295935" }, { "reference_url": "https://github.com/advisories/GHSA-qg2p-9jwr-mmqf", "reference_id": "GHSA-qg2p-9jwr-mmqf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qg2p-9jwr-mmqf" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8906", "reference_id": "RHSA-2024:8906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9481", "reference_id": "RHSA-2024:9481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9481" }, { "reference_url": "https://usn.ubuntu.com/6888-1/", "reference_id": "USN-6888-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6888-1/" }, { "reference_url": "https://usn.ubuntu.com/6888-2/", "reference_id": "USN-6888-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6888-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054435?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2" } ], "aliases": [ "BIT-django-2024-38875", "CVE-2024-38875", "GHSA-qg2p-9jwr-mmqf", "PYSEC-2024-56" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzae-1awh-k7cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12524?format=api", "vulnerability_id": "VCID-mga4-an1w-qqf9", "summary": "Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters\nAn issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85968", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85948", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85957", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85953", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.8594", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85942", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85928", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85918", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.8588", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85899", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45230" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397" }, { "reference_url": "https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b" }, { "reference_url": "https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45230" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314485", "reference_id": "2314485", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314485" }, { "reference_url": "https://github.com/advisories/GHSA-5hgc-2vfp-mqvc", "reference_id": "GHSA-5hgc-2vfp-mqvc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hgc-2vfp-mqvc" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8534", "reference_id": "RHSA-2024:8534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8534" }, { "reference_url": "https://usn.ubuntu.com/6987-1/", "reference_id": "USN-6987-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6987-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054435?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2" } ], "aliases": [ "BIT-django-2024-45230", "CVE-2024-45230", "GHSA-5hgc-2vfp-mqvc", "PYSEC-2024-102" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mga4-an1w-qqf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350034?format=api", "vulnerability_id": "VCID-ssut-reka-r3f8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06717", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06742", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0675", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09313", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0916", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09166", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10779", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33034" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:43:43Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455927", "reference_id": "2455927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455927" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33034", "reference_id": "CVE-2026-33034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33034" }, { "reference_url": "https://github.com/advisories/GHSA-933h-hp56-hf7m", "reference_id": "GHSA-933h-hp56-hf7m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-933h-hp56-hf7m" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:43:43Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054435?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059931?format=api", "purl": "pkg:deb/debian/python-django@3:4.2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1" } ], "aliases": [ "CVE-2026-33034", "GHSA-933h-hp56-hf7m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssut-reka-r3f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13424?format=api", "vulnerability_id": "VCID-xhpa-mffz-syfy", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79978", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79949", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79941", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79917", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79925", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79921", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79912", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79946", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41990" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93" }, { "reference_url": "https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41990", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41990" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240905-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240905-0007" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074", "reference_id": "1078074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302434", "reference_id": "2302434", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302434" }, { "reference_url": "https://github.com/advisories/GHSA-795c-9xpc-xw6g", "reference_id": "GHSA-795c-9xpc-xw6g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-795c-9xpc-xw6g" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1335", "reference_id": "RHSA-2025:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1335" }, { "reference_url": "https://usn.ubuntu.com/6946-1/", "reference_id": "USN-6946-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6946-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054435?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2" } ], "aliases": [ "BIT-django-2024-41990", "CVE-2024-41990", "GHSA-795c-9xpc-xw6g", "PYSEC-2024-68" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhpa-mffz-syfy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21504?format=api", "vulnerability_id": "VCID-28g3-ubx6-ebff", "summary": "Django has Inefficient Algorithmic Complexity\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Seokchan Yoon for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20187", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20125", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20106", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20047", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19968", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20242", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20754", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20761", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20824", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20626", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436340", "reference_id": "2436340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436340" }, { "reference_url": "https://github.com/advisories/GHSA-4rrr-2h4v-f3j9", "reference_id": "GHSA-4rrr-2h4v-f3j9", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4rrr-2h4v-f3j9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694", "reference_id": "RHSA-2026:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3958", "reference_id": "RHSA-2026:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3959", "reference_id": "RHSA-2026:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6291", "reference_id": "RHSA-2026:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6291" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2026-1285", "GHSA-4rrr-2h4v-f3j9" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28g3-ubx6-ebff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21364?format=api", "vulnerability_id": "VCID-2tfv-rtq7-2fg9", "summary": "Django has Observable Timing Discrepancy\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\nThe `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Stackered for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08653", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08755", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0873", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10623", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10579", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10631", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10506", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10488", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10648", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13473", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13473" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436343", "reference_id": "2436343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436343" }, { "reference_url": "https://github.com/advisories/GHSA-2mcm-79hx-8fxw", "reference_id": "GHSA-2mcm-79hx-8fxw", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2mcm-79hx-8fxw" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2025-13473", "GHSA-2mcm-79hx-8fxw" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tfv-rtq7-2fg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11392?format=api", "vulnerability_id": "VCID-4ztz-fq98-5fh1", "summary": "In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61092", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61067", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61025", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61053", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61019", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61103", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6112", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61113", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6109", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61104", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61083", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e" }, { "reference_url": "https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9" }, { "reference_url": "https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231214-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231214-0002" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226", "reference_id": "1051226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237258", "reference_id": "2237258", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237258" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41164", "reference_id": "CVE-2023-41164", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41164" }, { "reference_url": "https://github.com/advisories/GHSA-7h4p-27mh-hmrw", "reference_id": "GHSA-7h4p-27mh-hmrw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7h4p-27mh-hmrw" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5208", "reference_id": "RHSA-2023:5208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1878", "reference_id": "RHSA-2024:1878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1878" }, { "reference_url": "https://usn.ubuntu.com/6378-1/", "reference_id": "USN-6378-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6378-1/" }, { "reference_url": "https://usn.ubuntu.com/6414-2/", "reference_id": "USN-6414-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6414-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2023-41164", "CVE-2023-41164", "GHSA-7h4p-27mh-hmrw", "PYSEC-2023-225" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztz-fq98-5fh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13419?format=api", "vulnerability_id": "VCID-7tph-k8q2-bue2", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75878", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75855", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75839", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75813", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.7582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75803", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.7577", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75792", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75759", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75851", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927" }, { "reference_url": "https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41991" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240905-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240905-0007" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074", "reference_id": "1078074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302435", "reference_id": "2302435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302435" }, { "reference_url": "https://github.com/advisories/GHSA-r836-hh6v-rg5g", "reference_id": "GHSA-r836-hh6v-rg5g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r836-hh6v-rg5g" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7987", "reference_id": "RHSA-2024:7987", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1335", "reference_id": "RHSA-2025:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1335" }, { "reference_url": "https://usn.ubuntu.com/6946-1/", "reference_id": "USN-6946-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6946-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2024-41991", "CVE-2024-41991", "GHSA-r836-hh6v-rg5g", "PYSEC-2024-69" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tph-k8q2-bue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15097?format=api", "vulnerability_id": "VCID-896g-hqec-ryb9", "summary": "An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61442", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61455", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61471", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61467", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.6146", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61439", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61423", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61377", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61407", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61378", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/04/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/04/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282", "reference_id": "1107282", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365", "reference_id": "2370365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365" }, { "reference_url": "https://security.archlinux.org/ASA-202506-6", "reference_id": "ASA-202506-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202506-6" }, { "reference_url": "https://security.archlinux.org/AVG-2894", "reference_id": "AVG-2894", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2894" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/", "reference_id": "bugfix-releases", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/" }, { "reference_url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9", "reference_id": "GHSA-7xr5-9hcq-chf9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14686", "reference_id": "RHSA-2025:14686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://usn.ubuntu.com/7555-1/", "reference_id": "USN-7555-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7555-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2025-48432", "CVE-2025-48432", "GHSA-7xr5-9hcq-chf9", "PYSEC-2025-47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11405?format=api", "vulnerability_id": "VCID-8m4b-y4va-kqgm", "summary": "In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02194", "scoring_system": "epss", "scoring_elements": "0.84423", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02194", "scoring_system": "epss", "scoring_elements": "0.844", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02194", "scoring_system": "epss", "scoring_elements": "0.84404", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86091", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86076", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86066", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86046", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86119", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86099", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.8603", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473" }, { "reference_url": "https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8" }, { "reference_url": "https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231221-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231221-0001" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/04/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/04/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475", "reference_id": "1053475", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241046", "reference_id": "2241046", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241046" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665", "reference_id": "CVE-2023-43665", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665" }, { "reference_url": "https://github.com/advisories/GHSA-h8gc-pgj2-vjm3", "reference_id": "GHSA-h8gc-pgj2-vjm3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8gc-pgj2-vjm3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6158", "reference_id": "RHSA-2023:6158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1878", "reference_id": "RHSA-2024:1878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1878" }, { "reference_url": "https://usn.ubuntu.com/6414-1/", "reference_id": "USN-6414-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6414-1/" }, { "reference_url": "https://usn.ubuntu.com/6414-2/", "reference_id": "USN-6414-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6414-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2023-43665", "CVE-2023-43665", "GHSA-h8gc-pgj2-vjm3", "PYSEC-2023-226" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8m4b-y4va-kqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20852?format=api", "vulnerability_id": "VCID-8qu1-45n9-gyb1", "summary": "Django has an SQL Injection issue\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01067", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01084", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01072", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01069", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01541", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01443", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01444", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01433", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01446", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01534", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436339", "reference_id": "2436339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436339" }, { "reference_url": "https://github.com/advisories/GHSA-gvg8-93h5-g6qq", "reference_id": "GHSA-gvg8-93h5-g6qq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvg8-93h5-g6qq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694", "reference_id": "RHSA-2026:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3958", "reference_id": "RHSA-2026:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3959", "reference_id": "RHSA-2026:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3960", "reference_id": "RHSA-2026:3960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3962", "reference_id": "RHSA-2026:3962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6291", "reference_id": "RHSA-2026:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6291" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2026-1287", "GHSA-gvg8-93h5-g6qq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qu1-45n9-gyb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12375?format=api", "vulnerability_id": "VCID-8xgs-8xjr-cber", "summary": "An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80439", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80413", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.8041", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80408", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80379", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80386", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80402", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80383", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80372", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80343", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80335", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01394", "scoring_system": "epss", "scoring_elements": "0.80355", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/5.0/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/" } ], "url": "https://docs.djangoproject.com/en/5.0/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc" }, { "reference_url": "https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9" }, { "reference_url": "https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2" }, { "reference_url": "https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24680" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261856", "reference_id": "2261856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261856" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/", "reference_id": "D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/" }, { "reference_url": "https://github.com/advisories/GHSA-xxj9-f6rv-m3x4", "reference_id": "GHSA-xxj9-f6rv-m3x4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxj9-f6rv-m3x4" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1057", "reference_id": "RHSA-2024:1057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1878", "reference_id": "RHSA-2024:1878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2731", "reference_id": "RHSA-2024:2731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5662", "reference_id": "RHSA-2024:5662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5662" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/", "reference_id": "SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/" }, { "reference_url": "https://usn.ubuntu.com/6623-1/", "reference_id": "USN-6623-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6623-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/", "reference_id": "ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2024-24680", "CVE-2024-24680", "GHSA-xxj9-f6rv-m3x4", "PYSEC-2024-28" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgs-8xjr-cber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15000?format=api", "vulnerability_id": "VCID-9abh-apwm-ebab", "summary": "An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3734", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37577", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37659", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37613", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37641", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37674", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37647", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37717", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37692", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32873" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/may/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/may/07/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/may/07/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/may/07/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/05/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/05/07/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872", "reference_id": "1104872", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364980", "reference_id": "2364980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364980" }, { "reference_url": "https://security.archlinux.org/ASA-202505-10", "reference_id": "ASA-202505-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-10" }, { "reference_url": "https://security.archlinux.org/AVG-2876", "reference_id": "AVG-2876", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2876" }, { "reference_url": "https://github.com/advisories/GHSA-8j24-cjrq-gr2m", "reference_id": "GHSA-8j24-cjrq-gr2m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8j24-cjrq-gr2m" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://usn.ubuntu.com/7501-1/", "reference_id": "USN-7501-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7501-1/" }, { "reference_url": "https://usn.ubuntu.com/7501-2/", "reference_id": "USN-7501-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7501-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2025-32873", "CVE-2025-32873", "GHSA-8j24-cjrq-gr2m", "PYSEC-2025-37" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9abh-apwm-ebab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22234?format=api", "vulnerability_id": "VCID-9uzd-mmyv-mfh4", "summary": "Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.\nAn issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49031", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49016", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68747", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68776", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68795", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68818", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68804", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.7064", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70648", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85" }, { "reference_url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4" }, { "reference_url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b" }, { "reference_url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241" }, { "reference_url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139", "reference_id": "1120139", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651", "reference_id": "2412651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py", "reference_id": "CVE-2025-64459", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459", "reference_id": "CVE-2025-64459", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459" }, { "reference_url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr", "reference_id": "GHSA-frmv-pr5f-9mcr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23069", "reference_id": "RHSA-2025:23069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23070", "reference_id": "RHSA-2025:23070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23130", "reference_id": "RHSA-2025:23130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23131", "reference_id": "RHSA-2025:23131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23133", "reference_id": "RHSA-2025:23133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23196", "reference_id": "RHSA-2025:23196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1596", "reference_id": "RHSA-2026:1596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1596" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7859-1/", "reference_id": "USN-7859-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7859-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2025-64459", "GHSA-frmv-pr5f-9mcr" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21634?format=api", "vulnerability_id": "VCID-c6xy-v4sf-u3hn", "summary": "Django vulnerable to partial directory traversal via archives\nAn issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the \"startapp --template\" and \"startproject --template\" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05391", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05353", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05198", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05196", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05279", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05314", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05294", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05234", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05204", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e" }, { "reference_url": "https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/01/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/01/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979", "reference_id": "1116979", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400450", "reference_id": "2400450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400450" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682", "reference_id": "CVE-2025-59682", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682" }, { "reference_url": "https://github.com/advisories/GHSA-q95w-c7qg-hrff", "reference_id": "GHSA-q95w-c7qg-hrff", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q95w-c7qg-hrff" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18979", "reference_id": "RHSA-2025:18979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18984", "reference_id": "RHSA-2025:18984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19201", "reference_id": "RHSA-2025:19201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19221", "reference_id": "RHSA-2025:19221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23196", "reference_id": "RHSA-2025:23196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7794-1/", "reference_id": "USN-7794-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7794-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2025-59682", "GHSA-q95w-c7qg-hrff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xy-v4sf-u3hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12049?format=api", "vulnerability_id": "VCID-e2jd-yd4j-kqgt", "summary": "Django allows enumeration of user e-mail addresses\nAn issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46342", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.4636", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46415", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46361", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.4635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46379", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46355", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46299", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46331", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46351", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca" }, { "reference_url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2" }, { "reference_url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496", "reference_id": "2314496", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496" }, { "reference_url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv", "reference_id": "GHSA-rrqc-c2jx-6jgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://usn.ubuntu.com/6987-1/", "reference_id": "USN-6987-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6987-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2024-45231", "GHSA-rrqc-c2jx-6jgv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14706?format=api", "vulnerability_id": "VCID-e87q-1j8h-93hh", "summary": "An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24457", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24532", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24512", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24537", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24545", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24629", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24567", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24496", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24686", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe" }, { "reference_url": "https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e" }, { "reference_url": "https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf" }, { "reference_url": "https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56374" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/01/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/01/14/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049", "reference_id": "1093049", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337996", "reference_id": "2337996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337996" }, { "reference_url": "https://github.com/advisories/GHSA-qcgg-j2x8-h9g8", "reference_id": "GHSA-qcgg-j2x8-h9g8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcgg-j2x8-h9g8" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0722", "reference_id": "RHSA-2025:0722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0777", "reference_id": "RHSA-2025:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0782", "reference_id": "RHSA-2025:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2399", "reference_id": "RHSA-2025:2399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4576", "reference_id": "RHSA-2025:4576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4576" }, { "reference_url": "https://usn.ubuntu.com/7205-1/", "reference_id": "USN-7205-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7205-1/" }, { "reference_url": "https://usn.ubuntu.com/7205-2/", "reference_id": "USN-7205-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7205-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2024-56374", "CVE-2024-56374", "GHSA-qcgg-j2x8-h9g8", "PYSEC-2025-1" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e87q-1j8h-93hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12636?format=api", "vulnerability_id": "VCID-jh1e-72hp-fuf4", "summary": "In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01855", "scoring_system": "epss", "scoring_elements": "0.82977", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.8567", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.85665", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.85599", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.85604", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.85624", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.85642", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.85646", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.85635", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.85687", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02611", "scoring_system": "epss", "scoring_elements": "0.8565", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/5.0/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/" } ], "url": "https://docs.djangoproject.com/en/5.0/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521" }, { "reference_url": "https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e" }, { "reference_url": "https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27351" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/04/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/04/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266045", "reference_id": "2266045", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266045" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/", "reference_id": "D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/" }, { "reference_url": "https://github.com/advisories/GHSA-vm8q-m57g-pff3", "reference_id": "GHSA-vm8q-m57g-pff3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm8q-m57g-pff3" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1878", "reference_id": "RHSA-2024:1878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3781", "reference_id": "RHSA-2024:3781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5662", "reference_id": "RHSA-2024:5662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4187", "reference_id": "RHSA-2025:4187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4187" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/", "reference_id": "SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/" }, { "reference_url": "https://usn.ubuntu.com/6674-1/", "reference_id": "USN-6674-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6674-1/" }, { "reference_url": "https://usn.ubuntu.com/6674-2/", "reference_id": "USN-6674-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6674-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/", "reference_id": "ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2024-27351", "CVE-2024-27351", "GHSA-vm8q-m57g-pff3", "PYSEC-2024-47" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jh1e-72hp-fuf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13433?format=api", "vulnerability_id": "VCID-m91a-6235-nye9", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55848", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55807", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55852", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55873", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55863", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5586", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55874", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5587", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55834", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d" }, { "reference_url": "https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240905-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240905-0007" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074", "reference_id": "1078074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302436", "reference_id": "2302436", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302436" }, { "reference_url": "https://github.com/advisories/GHSA-pv4p-cwwg-4rph", "reference_id": "GHSA-pv4p-cwwg-4rph", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pv4p-cwwg-4rph" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8906", "reference_id": "RHSA-2024:8906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1335", "reference_id": "RHSA-2025:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1335" }, { "reference_url": "https://usn.ubuntu.com/6946-1/", "reference_id": "USN-6946-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6946-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2024-42005", "CVE-2024-42005", "GHSA-pv4p-cwwg-4rph", "PYSEC-2024-70" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m91a-6235-nye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22292?format=api", "vulnerability_id": "VCID-msge-1mfu-7qfa", "summary": "Django has an SQL Injection issue\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01067", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01084", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01072", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01069", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01541", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01443", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01444", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01433", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01446", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01534", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84" }, { "reference_url": "https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436342", "reference_id": "2436342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436342" }, { "reference_url": "https://github.com/advisories/GHSA-6426-9fv3-65x8", "reference_id": "GHSA-6426-9fv3-65x8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6426-9fv3-65x8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694", "reference_id": "RHSA-2026:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3958", "reference_id": "RHSA-2026:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3959", "reference_id": "RHSA-2026:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3960", "reference_id": "RHSA-2026:3960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3962", "reference_id": "RHSA-2026:3962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6291", "reference_id": "RHSA-2026:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6291" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2026-1312", "GHSA-6426-9fv3-65x8" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-msge-1mfu-7qfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21625?format=api", "vulnerability_id": "VCID-mux4-uv98-hbbw", "summary": "Django vulnerable to SQL injection in column aliases\nAn issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02008", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02022", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01937", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01935", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01955", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01991", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01974", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01975", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01962", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a" }, { "reference_url": "https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/01/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/01/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979", "reference_id": "1116979", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400449", "reference_id": "2400449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400449" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59681", "reference_id": "CVE-2025-59681", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59681" }, { "reference_url": "https://github.com/advisories/GHSA-hpr9-3m2g-3j9p", "reference_id": "GHSA-hpr9-3m2g-3j9p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hpr9-3m2g-3j9p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18984", "reference_id": "RHSA-2025:18984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23196", "reference_id": "RHSA-2025:23196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23196" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7794-1/", "reference_id": "USN-7794-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7794-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2025-59681", "GHSA-hpr9-3m2g-3j9p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mux4-uv98-hbbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13212?format=api", "vulnerability_id": "VCID-q12d-kv8p-8ff7", "summary": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37652", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37533", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37596", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37615", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37676", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37599", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37607", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37619", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37632", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37571", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37555", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37386", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b" }, { "reference_url": "https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39329" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240808-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240808-0005" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069", "reference_id": "1076069", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295936", "reference_id": "2295936", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295936" }, { "reference_url": "https://github.com/advisories/GHSA-x7q2-wr7g-xqmf", "reference_id": "GHSA-x7q2-wr7g-xqmf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x7q2-wr7g-xqmf" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8906", "reference_id": "RHSA-2024:8906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9481", "reference_id": "RHSA-2024:9481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9481" }, { "reference_url": "https://usn.ubuntu.com/6888-1/", "reference_id": "USN-6888-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6888-1/" }, { "reference_url": "https://usn.ubuntu.com/6888-2/", "reference_id": "USN-6888-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6888-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2024-39329", "CVE-2024-39329", "GHSA-x7q2-wr7g-xqmf", "PYSEC-2024-57" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q12d-kv8p-8ff7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13196?format=api", "vulnerability_id": "VCID-u3zk-tff2-aua9", "summary": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91339", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91382", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91371", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91373", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91349", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91334", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91321", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91314", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06838", "scoring_system": "epss", "scoring_elements": "0.91304", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3" }, { "reference_url": "https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39614" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240808-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240808-0005" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069", "reference_id": "1076069", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295938", "reference_id": "2295938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295938" }, { "reference_url": "https://github.com/advisories/GHSA-f6f8-9mx6-9mx2", "reference_id": "GHSA-f6f8-9mx6-9mx2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f6f8-9mx6-9mx2" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8906", "reference_id": "RHSA-2024:8906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9481", "reference_id": "RHSA-2024:9481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1335", "reference_id": "RHSA-2025:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1335" }, { "reference_url": "https://usn.ubuntu.com/6888-1/", "reference_id": "USN-6888-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6888-1/" }, { "reference_url": "https://usn.ubuntu.com/6888-2/", "reference_id": "USN-6888-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6888-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2024-39614", "CVE-2024-39614", "GHSA-f6f8-9mx6-9mx2", "PYSEC-2024-59" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u3zk-tff2-aua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23671?format=api", "vulnerability_id": "VCID-ukkt-wgau-t3et", "summary": "Django is vulnerable to DoS via XML serializer text extraction\nAn issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.\nAlgorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19807", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22158", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2237", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22425", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22447", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22405", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22349", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22365", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22308", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b" }, { "reference_url": "https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5" }, { "reference_url": "https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0" }, { "reference_url": "https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788", "reference_id": "1121788", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366", "reference_id": "2418366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460", "reference_id": "CVE-2025-64460", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460" }, { "reference_url": "https://github.com/advisories/GHSA-vrcr-9hj9-jcg6", "reference_id": "GHSA-vrcr-9hj9-jcg6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vrcr-9hj9-jcg6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1249", "reference_id": "RHSA-2026:1249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1497", "reference_id": "RHSA-2026:1497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1506", "reference_id": "RHSA-2026:1506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1599", "reference_id": "RHSA-2026:1599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1609", "reference_id": "RHSA-2026:1609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1609" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7903-1/", "reference_id": "USN-7903-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7903-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2025-64460", "GHSA-vrcr-9hj9-jcg6" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkt-wgau-t3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13427?format=api", "vulnerability_id": "VCID-v1xr-z4zu-yfb4", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80387", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80361", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80354", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80327", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80316", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80279", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80356", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8" }, { "reference_url": "https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41989" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240905-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240905-0007" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074", "reference_id": "1078074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302433", "reference_id": "2302433", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302433" }, { "reference_url": "https://github.com/advisories/GHSA-jh75-99hh-qvx9", "reference_id": "GHSA-jh75-99hh-qvx9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh75-99hh-qvx9" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8534", "reference_id": "RHSA-2024:8534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1335", "reference_id": "RHSA-2025:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1335" }, { "reference_url": "https://usn.ubuntu.com/6946-1/", "reference_id": "USN-6946-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6946-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2024-41989", "CVE-2024-41989", "GHSA-jh75-99hh-qvx9", "PYSEC-2024-67" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xr-z4zu-yfb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25634?format=api", "vulnerability_id": "VCID-w4pr-k5nj-ckgy", "summary": "Django is subject to SQL injection through its column aliases\nAn issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0574", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05706", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05535", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05593", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05798", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05868", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05828", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5" }, { "reference_url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92" }, { "reference_url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html" }, { "reference_url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/09/03/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/09/03/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865", "reference_id": "1113865", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990", "reference_id": "2392990", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990" }, { "reference_url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w", "reference_id": "GHSA-6w2r-r2m5-xq5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16403", "reference_id": "RHSA-2025:16403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16404", "reference_id": "RHSA-2025:16404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16514", "reference_id": "RHSA-2025:16514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17498", "reference_id": "RHSA-2025:17498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17499", "reference_id": "RHSA-2025:17499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17500", "reference_id": "RHSA-2025:17500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17606", "reference_id": "RHSA-2025:17606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17613", "reference_id": "RHSA-2025:17613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17614", "reference_id": "RHSA-2025:17614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17614" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7736-1/", "reference_id": "USN-7736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2025-57833", "GHSA-6w2r-r2m5-xq5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14665?format=api", "vulnerability_id": "VCID-wwa5-mhgu-9khz", "summary": "Django denial-of-service in django.utils.html.strip_tags()\nAn issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77477", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77442", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.7745", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77452", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77364", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77371", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.7739", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77412", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77416", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77436", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.7741", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.774", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53907" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329288", "reference_id": "2329288", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329288" }, { "reference_url": "https://github.com/advisories/GHSA-8498-2h75-472j", "reference_id": "GHSA-8498-2h75-472j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8498-2h75-472j" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11144", "reference_id": "RHSA-2024:11144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11146", "reference_id": "RHSA-2024:11146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0340", "reference_id": "RHSA-2025:0340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0777", "reference_id": "RHSA-2025:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0777" }, { "reference_url": "https://usn.ubuntu.com/7136-1/", "reference_id": "USN-7136-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7136-1/" }, { "reference_url": "https://usn.ubuntu.com/7136-2/", "reference_id": "USN-7136-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7136-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2024-53907", "GHSA-8498-2h75-472j" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwa5-mhgu-9khz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14834?format=api", "vulnerability_id": "VCID-xgv1-s2ek-q3dp", "summary": "An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52132", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52185", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52203", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52199", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81624", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81646", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81643", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8167", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81675", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81695", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81682", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81676", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26699" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/03/06/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/03/06/12" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682", "reference_id": "1099682", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348993", "reference_id": "2348993", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348993" }, { "reference_url": "https://github.com/advisories/GHSA-p3fp-8748-vqfq", "reference_id": "GHSA-p3fp-8748-vqfq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p3fp-8748-vqfq" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3160", "reference_id": "RHSA-2025:3160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3162", "reference_id": "RHSA-2025:3162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3709", "reference_id": "RHSA-2025:3709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4553", "reference_id": "RHSA-2025:4553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8609", "reference_id": "RHSA-2025:8609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8609" }, { "reference_url": "https://usn.ubuntu.com/7335-1/", "reference_id": "USN-7335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7335-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2025-26699", "CVE-2025-26699", "GHSA-p3fp-8748-vqfq", "PYSEC-2025-13" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv1-s2ek-q3dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20914?format=api", "vulnerability_id": "VCID-ysyp-h7ja-yff3", "summary": "Django has an SQL Injection issue\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\nRaster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Tarek Nakkouch for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03841", "scoring_system": "epss", "scoring_elements": "0.88146", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03841", "scoring_system": "epss", "scoring_elements": "0.88188", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03841", "scoring_system": "epss", "scoring_elements": "0.88178", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03841", "scoring_system": "epss", "scoring_elements": "0.88172", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03841", "scoring_system": "epss", "scoring_elements": "0.88153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04424", "scoring_system": "epss", "scoring_elements": "0.89061", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04424", "scoring_system": "epss", "scoring_elements": "0.89043", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04424", "scoring_system": "epss", "scoring_elements": "0.89048", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04424", "scoring_system": "epss", "scoring_elements": "0.89035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04424", "scoring_system": "epss", "scoring_elements": "0.89037", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05126", "scoring_system": "epss", "scoring_elements": "0.8982", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436338", "reference_id": "2436338", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436338" }, { "reference_url": "https://github.com/advisories/GHSA-mwm9-4648-f68q", "reference_id": "GHSA-mwm9-4648-f68q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwm9-4648-f68q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694", "reference_id": "RHSA-2026:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3958", "reference_id": "RHSA-2026:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3959", "reference_id": "RHSA-2026:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3960", "reference_id": "RHSA-2026:3960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3962", "reference_id": "RHSA-2026:3962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6291", "reference_id": "RHSA-2026:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6291" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "CVE-2026-1207", "GHSA-mwm9-4648-f68q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyp-h7ja-yff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13205?format=api", "vulnerability_id": "VCID-z27q-zfpz-ckby", "summary": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40454", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40261", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.4037", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40445", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.4048", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40402", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40465", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40486", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40448", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40429", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e" }, { "reference_url": "https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39330" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240808-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240808-0005" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069", "reference_id": "1076069", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295937", "reference_id": "2295937", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295937" }, { "reference_url": "https://github.com/advisories/GHSA-9jmf-237g-qf46", "reference_id": "GHSA-9jmf-237g-qf46", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9jmf-237g-qf46" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8906", "reference_id": "RHSA-2024:8906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9481", "reference_id": "RHSA-2024:9481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9481" }, { "reference_url": "https://usn.ubuntu.com/6888-1/", "reference_id": "USN-6888-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6888-1/" }, { "reference_url": "https://usn.ubuntu.com/6888-2/", "reference_id": "USN-6888-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6888-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036926?format=api", "purl": "pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-27wt-wmzc-1bc2" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-438j-ce4y-zkan" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037783?format=api", "purl": "pkg:deb/debian/python-django@1:1.11.29-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-7tph-k8q2-bue2" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-m91a-6235-nye9" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-q12d-kv8p-8ff7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u3zk-tff2-aua9" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v1xr-z4zu-yfb4" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" }, { "vulnerability": "VCID-z27q-zfpz-ckby" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049561?format=api", "purl": "pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1adz-zw3h-pqek" }, { "vulnerability": "VCID-46pv-pzsu-jucd" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-ff2a-at5f-2qa8" }, { "vulnerability": "VCID-gfym-spzk-w7gk" }, { "vulnerability": "VCID-jzae-1awh-k7cm" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-ssut-reka-r3f8" }, { "vulnerability": "VCID-xhpa-mffz-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" } ], "aliases": [ "BIT-django-2024-39330", "CVE-2024-39330", "GHSA-9jmf-237g-qf46", "PYSEC-2024-58" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z27q-zfpz-ckby" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1" }