Look up vulnerable packages by Package URL.

Purl pkg:pypi/django@2.0.4
Type pypi
Namespace
Name django
Version 2.0.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.11
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
0
url VCID-322v-ntsv-7uge
vulnerability_id VCID-322v-ntsv-7uge
summary django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0265
1
reference_url https://github.com/advisories/GHSA-5hg3-6c2f-f3wr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5hg3-6c2f-f3wr
2
reference_url https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
reference_id
reference_type
scores
url https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
3
reference_url https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
reference_id
reference_type
scores
url https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
4
reference_url https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
reference_id
reference_type
scores
url https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
6
reference_url https://usn.ubuntu.com/3726-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3726-1
7
reference_url https://usn.ubuntu.com/3726-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3726-1/
8
reference_url https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
reference_id
reference_type
scores
url https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
9
reference_url https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
reference_id
reference_type
scores
url https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
10
reference_url https://www.debian.org/security/2018/dsa-4264
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4264
11
reference_url https://www.djangoproject.com/weblog/2018/aug/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/aug/01/security-releases
12
reference_url https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
13
reference_url http://www.securityfocus.com/bid/104970
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104970
14
reference_url http://www.securitytracker.com/id/1041403
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041403
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14574
reference_id CVE-2018-14574
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-14574
fixed_packages
0
url pkg:pypi/django@2.0.8
purl pkg:pypi/django@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-f1br-hvnm-wfdg
2
vulnerability VCID-t952-ghnf-jkby
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.8
aliases CVE-2018-14574, GHSA-5hg3-6c2f-f3wr, PYSEC-2018-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-322v-ntsv-7uge
1
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
2
url VCID-f1br-hvnm-wfdg
vulnerability_id VCID-f1br-hvnm-wfdg
summary In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/advisories/GHSA-337x-4q8g-prc5
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-337x-4q8g-prc5
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml
5
reference_url https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ
6
reference_url https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
9
reference_url https://usn.ubuntu.com/3851-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3851-1
10
reference_url https://usn.ubuntu.com/3851-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3851-1/
11
reference_url https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453
reference_id
reference_type
scores
url https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453
12
reference_url https://www.debian.org/security/2019/dsa-4363
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4363
13
reference_url https://www.djangoproject.com/weblog/2019/jan/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jan/04/security-releases
14
reference_url https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
15
reference_url http://www.securityfocus.com/bid/106453
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106453
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3498
reference_id CVE-2019-3498
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3498
fixed_packages
0
url pkg:pypi/django@2.0.10
purl pkg:pypi/django@2.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-t952-ghnf-jkby
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10
1
url pkg:pypi/django@2.1.5
purl pkg:pypi/django@2.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c3m7-fu62-2qd9
3
vulnerability VCID-g44a-m54u-97cr
4
vulnerability VCID-gfar-wbzc-3ubr
5
vulnerability VCID-kbab-v2gz-dfe6
6
vulnerability VCID-pgtx-cdua-kfb4
7
vulnerability VCID-t952-ghnf-jkby
8
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5
aliases CVE-2019-3498, GHSA-337x-4q8g-prc5, PYSEC-2019-17
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1br-hvnm-wfdg
3
url VCID-t952-ghnf-jkby
vulnerability_id VCID-t952-ghnf-jkby
summary Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/advisories/GHSA-wh4h-v3f2-r2pp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-wh4h-v3f2-r2pp
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227
reference_id
reference_type
scores
url https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227
5
reference_url https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676
reference_id
reference_type
scores
url https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676
6
reference_url https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3
reference_id
reference_type
scores
url https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml
8
reference_url https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
13
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Jul/10
14
reference_url https://usn.ubuntu.com/3890-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3890-1
15
reference_url https://usn.ubuntu.com/3890-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3890-1/
16
reference_url https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964
reference_id
reference_type
scores
url https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964
17
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4476
18
reference_url https://www.djangoproject.com/weblog/2019/feb/11/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/feb/11/security-releases
19
reference_url https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
20
reference_url https://www.openwall.com/lists/oss-security/2019/02/11/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2019/02/11/1
21
reference_url http://www.securityfocus.com/bid/106964
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106964
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6975
reference_id CVE-2019-6975
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-6975
fixed_packages
0
url pkg:pypi/django@2.0.11
purl pkg:pypi/django@2.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.11
1
url pkg:pypi/django@2.0.12
purl pkg:pypi/django@2.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.12
2
url pkg:pypi/django@2.1.6
purl pkg:pypi/django@2.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.6
3
url pkg:pypi/django@2.1.7
purl pkg:pypi/django@2.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c3m7-fu62-2qd9
3
vulnerability VCID-g44a-m54u-97cr
4
vulnerability VCID-gfar-wbzc-3ubr
5
vulnerability VCID-kbab-v2gz-dfe6
6
vulnerability VCID-pgtx-cdua-kfb4
7
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7
aliases CVE-2019-6975, GHSA-wh4h-v3f2-r2pp, PYSEC-2019-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t952-ghnf-jkby
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.4