Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@1.11.21
Typepypi
Namespace
Namedjango
Version1.11.21
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.11
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-2bh9-k4at-r7hz
vulnerability_id VCID-2bh9-k4at-r7hz
summary sql injection
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7471
reference_id
reference_type
scores
0
value 0.09442
scoring_system epss
scoring_elements 0.92943
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7471
1
reference_url https://docs.djangoproject.com/en/3.0/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/releases/security
2
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
7
reference_url https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
8
reference_url https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
9
reference_url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
11
reference_url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
14
reference_url https://seclists.org/bugtraq/2020/Feb/30
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2020/Feb/30
15
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
16
reference_url https://security.netapp.com/advisory/ntap-20200221-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200221-0006
17
reference_url https://security.netapp.com/advisory/ntap-20200221-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200221-0006/
18
reference_url https://usn.ubuntu.com/4264-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4264-1
19
reference_url https://usn.ubuntu.com/4264-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4264-1/
20
reference_url https://www.debian.org/security/2020/dsa-4629
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4629
21
reference_url https://www.djangoproject.com/weblog/2020/feb/03/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/feb/03/security-releases
22
reference_url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
23
reference_url https://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/02/03/1
24
reference_url http://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/02/03/1
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581
reference_id 950581
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581
26
reference_url https://security.archlinux.org/ASA-202002-1
reference_id ASA-202002-1
reference_type
scores
url https://security.archlinux.org/ASA-202002-1
27
reference_url https://security.archlinux.org/AVG-1091
reference_id AVG-1091
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1091
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7471
reference_id CVE-2020-7471
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7471
fixed_packages
0
url pkg:pypi/django@1.11.28
purl pkg:pypi/django@1.11.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7b47-vsfh-y3gh
1
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.28
1
url pkg:pypi/django@2.2.10
purl pkg:pypi/django@2.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f2p-wfbs-73hz
1
vulnerability VCID-5a2y-2m62-1qfa
2
vulnerability VCID-7b47-vsfh-y3gh
3
vulnerability VCID-81q1-gytk-2uaq
4
vulnerability VCID-9hp4-hn21-zkg8
5
vulnerability VCID-b81v-3drw-xudf
6
vulnerability VCID-bbxx-48nj-pqcd
7
vulnerability VCID-dcv2-gx5a-pfe2
8
vulnerability VCID-dqkn-1888-y3er
9
vulnerability VCID-fc6y-y2b1-v3d5
10
vulnerability VCID-gxju-xjh2-z7bn
11
vulnerability VCID-hzcv-euwq-eqeg
12
vulnerability VCID-jzbk-uswz-8ucg
13
vulnerability VCID-nxbs-37dx-rbbh
14
vulnerability VCID-punr-dfy5-v3g1
15
vulnerability VCID-u53d-8afk-c3gq
16
vulnerability VCID-vyzr-dkz3-vfg6
17
vulnerability VCID-xb3c-6rew-z3ba
18
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10
2
url pkg:pypi/django@3.0.3
purl pkg:pypi/django@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5a2y-2m62-1qfa
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-9hp4-hn21-zkg8
3
vulnerability VCID-b81v-3drw-xudf
4
vulnerability VCID-hzcv-euwq-eqeg
5
vulnerability VCID-nxbs-37dx-rbbh
6
vulnerability VCID-punr-dfy5-v3g1
7
vulnerability VCID-xb3c-6rew-z3ba
8
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3
aliases BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bh9-k4at-r7hz
1
url VCID-6s18-ssym-1bd6
vulnerability_id VCID-6s18-ssym-1bd6
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
5
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
6
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
7
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
8
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
9
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-arff-yjfe-auhp
3
vulnerability VCID-fynq-usj6-rfd3
4
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-fynq-usj6-rfd3
3
vulnerability VCID-hzcv-euwq-eqeg
4
vulnerability VCID-vr6h-ymzh-1kb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-7b47-vsfh-y3gh
5
vulnerability VCID-81q1-gytk-2uaq
6
vulnerability VCID-9hp4-hn21-zkg8
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-b81v-3drw-xudf
9
vulnerability VCID-bbxx-48nj-pqcd
10
vulnerability VCID-dcv2-gx5a-pfe2
11
vulnerability VCID-dqkn-1888-y3er
12
vulnerability VCID-fc6y-y2b1-v3d5
13
vulnerability VCID-fynq-usj6-rfd3
14
vulnerability VCID-gxju-xjh2-z7bn
15
vulnerability VCID-hzcv-euwq-eqeg
16
vulnerability VCID-jzbk-uswz-8ucg
17
vulnerability VCID-nxbs-37dx-rbbh
18
vulnerability VCID-punr-dfy5-v3g1
19
vulnerability VCID-u53d-8afk-c3gq
20
vulnerability VCID-vr6h-ymzh-1kb2
21
vulnerability VCID-vyzr-dkz3-vfg6
22
vulnerability VCID-xb3c-6rew-z3ba
23
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases PYSEC-2019-84
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6s18-ssym-1bd6
2
url VCID-7b47-vsfh-y3gh
vulnerability_id VCID-7b47-vsfh-y3gh
summary sql injection
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9402
reference_id
reference_type
scores
0
value 0.84997
scoring_system epss
scoring_elements 0.99364
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9402
1
reference_url https://docs.djangoproject.com/en/3.0/releases/security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/releases/security
2
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/3.0/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-3gh2-xw74-jmcw
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3gh2-xw74-jmcw
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-345.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-345.yaml
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml
9
reference_url https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY
10
reference_url https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY
11
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY
19
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
20
reference_url https://security.netapp.com/advisory/ntap-20200327-0004
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200327-0004
21
reference_url https://security.netapp.com/advisory/ntap-20200327-0004/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://security.netapp.com/advisory/ntap-20200327-0004/
22
reference_url https://usn.ubuntu.com/4296-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4296-1
23
reference_url https://usn.ubuntu.com/4296-1/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://usn.ubuntu.com/4296-1/
24
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4705
25
reference_url https://www.djangoproject.com/weblog/2020/mar/04/security-releases
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/mar/04/security-releases
26
reference_url https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102
reference_id 953102
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102
28
reference_url https://security.archlinux.org/ASA-202003-5
reference_id ASA-202003-5
reference_type
scores
url https://security.archlinux.org/ASA-202003-5
29
reference_url https://security.archlinux.org/AVG-1111
reference_id AVG-1111
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1111
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9402
reference_id CVE-2020-9402
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9402
fixed_packages
0
url pkg:pypi/django@1.11.29
purl pkg:pypi/django@1.11.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.29
1
url pkg:pypi/django@2.2.11
purl pkg:pypi/django@2.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f2p-wfbs-73hz
1
vulnerability VCID-5a2y-2m62-1qfa
2
vulnerability VCID-81q1-gytk-2uaq
3
vulnerability VCID-9hp4-hn21-zkg8
4
vulnerability VCID-b81v-3drw-xudf
5
vulnerability VCID-bbxx-48nj-pqcd
6
vulnerability VCID-dcv2-gx5a-pfe2
7
vulnerability VCID-dqkn-1888-y3er
8
vulnerability VCID-fc6y-y2b1-v3d5
9
vulnerability VCID-gxju-xjh2-z7bn
10
vulnerability VCID-hzcv-euwq-eqeg
11
vulnerability VCID-jzbk-uswz-8ucg
12
vulnerability VCID-nxbs-37dx-rbbh
13
vulnerability VCID-punr-dfy5-v3g1
14
vulnerability VCID-u53d-8afk-c3gq
15
vulnerability VCID-vyzr-dkz3-vfg6
16
vulnerability VCID-xb3c-6rew-z3ba
17
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11
2
url pkg:pypi/django@3.0.4
purl pkg:pypi/django@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5a2y-2m62-1qfa
1
vulnerability VCID-9hp4-hn21-zkg8
2
vulnerability VCID-b81v-3drw-xudf
3
vulnerability VCID-hzcv-euwq-eqeg
4
vulnerability VCID-nxbs-37dx-rbbh
5
vulnerability VCID-punr-dfy5-v3g1
6
vulnerability VCID-xb3c-6rew-z3ba
7
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.4
aliases BIT-django-2020-9402, CVE-2020-9402, GHSA-3gh2-xw74-jmcw, PYSEC-2020-345, PYSEC-2020-36
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7b47-vsfh-y3gh
3
url VCID-arff-yjfe-auhp
vulnerability_id VCID-arff-yjfe-auhp
summary Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
4
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Jan/9
5
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
6
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
7
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
8
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4598
9
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.27
purl pkg:pypi/django@1.11.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27
1
url pkg:pypi/django@2.2.9
purl pkg:pypi/django@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-5a2y-2m62-1qfa
3
vulnerability VCID-7b47-vsfh-y3gh
4
vulnerability VCID-81q1-gytk-2uaq
5
vulnerability VCID-9hp4-hn21-zkg8
6
vulnerability VCID-b81v-3drw-xudf
7
vulnerability VCID-bbxx-48nj-pqcd
8
vulnerability VCID-dcv2-gx5a-pfe2
9
vulnerability VCID-dqkn-1888-y3er
10
vulnerability VCID-fc6y-y2b1-v3d5
11
vulnerability VCID-gxju-xjh2-z7bn
12
vulnerability VCID-hzcv-euwq-eqeg
13
vulnerability VCID-jzbk-uswz-8ucg
14
vulnerability VCID-nxbs-37dx-rbbh
15
vulnerability VCID-punr-dfy5-v3g1
16
vulnerability VCID-u53d-8afk-c3gq
17
vulnerability VCID-vyzr-dkz3-vfg6
18
vulnerability VCID-xb3c-6rew-z3ba
19
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9
aliases PYSEC-2019-86
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arff-yjfe-auhp
4
url VCID-evu1-efcj-gfc5
vulnerability_id VCID-evu1-efcj-gfc5
summary multiple issues
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14235
reference_id
reference_type
scores
0
value 0.06773
scoring_system epss
scoring_elements 0.91447
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14235
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
9
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
12
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
13
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
14
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
15
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
16
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
17
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
18
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
20
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
21
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14235
reference_id CVE-2019-14235
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14235
23
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-arff-yjfe-auhp
3
vulnerability VCID-fynq-usj6-rfd3
4
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-fynq-usj6-rfd3
3
vulnerability VCID-hzcv-euwq-eqeg
4
vulnerability VCID-vr6h-ymzh-1kb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-7b47-vsfh-y3gh
5
vulnerability VCID-81q1-gytk-2uaq
6
vulnerability VCID-9hp4-hn21-zkg8
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-b81v-3drw-xudf
9
vulnerability VCID-bbxx-48nj-pqcd
10
vulnerability VCID-dcv2-gx5a-pfe2
11
vulnerability VCID-dqkn-1888-y3er
12
vulnerability VCID-fc6y-y2b1-v3d5
13
vulnerability VCID-fynq-usj6-rfd3
14
vulnerability VCID-gxju-xjh2-z7bn
15
vulnerability VCID-hzcv-euwq-eqeg
16
vulnerability VCID-jzbk-uswz-8ucg
17
vulnerability VCID-nxbs-37dx-rbbh
18
vulnerability VCID-punr-dfy5-v3g1
19
vulnerability VCID-u53d-8afk-c3gq
20
vulnerability VCID-vr6h-ymzh-1kb2
21
vulnerability VCID-vyzr-dkz3-vfg6
22
vulnerability VCID-xb3c-6rew-z3ba
23
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evu1-efcj-gfc5
5
url VCID-fynq-usj6-rfd3
vulnerability_id VCID-fynq-usj6-rfd3
summary insufficient validation
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19844
reference_id
reference_type
scores
0
value 0.13973
scoring_system epss
scoring_elements 0.94448
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19844
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
8
reference_url https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
9
reference_url https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
10
reference_url https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
12
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
15
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2020/Jan/9
16
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
17
reference_url https://security.netapp.com/advisory/ntap-20200110-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200110-0003
18
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
19
reference_url https://usn.ubuntu.com/4224-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4224-1
20
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
21
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4598
22
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases
23
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937
reference_id 946937
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937
25
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
26
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md
reference_id CVE-2019-19844
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19844
reference_id CVE-2019-19844
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19844
28
reference_url https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
reference_id CVE-2019-19844
reference_type exploit
scores
url https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
29
reference_url https://usn.ubuntu.com/6722-1/
reference_id USN-6722-1
reference_type
scores
url https://usn.ubuntu.com/6722-1/
fixed_packages
0
url pkg:pypi/django@1.11.27
purl pkg:pypi/django@1.11.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27
1
url pkg:pypi/django@2.2.9
purl pkg:pypi/django@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-5a2y-2m62-1qfa
3
vulnerability VCID-7b47-vsfh-y3gh
4
vulnerability VCID-81q1-gytk-2uaq
5
vulnerability VCID-9hp4-hn21-zkg8
6
vulnerability VCID-b81v-3drw-xudf
7
vulnerability VCID-bbxx-48nj-pqcd
8
vulnerability VCID-dcv2-gx5a-pfe2
9
vulnerability VCID-dqkn-1888-y3er
10
vulnerability VCID-fc6y-y2b1-v3d5
11
vulnerability VCID-gxju-xjh2-z7bn
12
vulnerability VCID-hzcv-euwq-eqeg
13
vulnerability VCID-jzbk-uswz-8ucg
14
vulnerability VCID-nxbs-37dx-rbbh
15
vulnerability VCID-punr-dfy5-v3g1
16
vulnerability VCID-u53d-8afk-c3gq
17
vulnerability VCID-vyzr-dkz3-vfg6
18
vulnerability VCID-xb3c-6rew-z3ba
19
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9
2
url pkg:pypi/django@3.0.1
purl pkg:pypi/django@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-5a2y-2m62-1qfa
2
vulnerability VCID-7b47-vsfh-y3gh
3
vulnerability VCID-9hp4-hn21-zkg8
4
vulnerability VCID-b81v-3drw-xudf
5
vulnerability VCID-hzcv-euwq-eqeg
6
vulnerability VCID-nxbs-37dx-rbbh
7
vulnerability VCID-punr-dfy5-v3g1
8
vulnerability VCID-xb3c-6rew-z3ba
9
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fynq-usj6-rfd3
6
url VCID-had1-mb3z-23dy
vulnerability_id VCID-had1-mb3z-23dy
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
5
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
6
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
7
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
8
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
9
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-arff-yjfe-auhp
3
vulnerability VCID-fynq-usj6-rfd3
4
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-fynq-usj6-rfd3
3
vulnerability VCID-hzcv-euwq-eqeg
4
vulnerability VCID-vr6h-ymzh-1kb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-7b47-vsfh-y3gh
5
vulnerability VCID-81q1-gytk-2uaq
6
vulnerability VCID-9hp4-hn21-zkg8
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-b81v-3drw-xudf
9
vulnerability VCID-bbxx-48nj-pqcd
10
vulnerability VCID-dcv2-gx5a-pfe2
11
vulnerability VCID-dqkn-1888-y3er
12
vulnerability VCID-fc6y-y2b1-v3d5
13
vulnerability VCID-fynq-usj6-rfd3
14
vulnerability VCID-gxju-xjh2-z7bn
15
vulnerability VCID-hzcv-euwq-eqeg
16
vulnerability VCID-jzbk-uswz-8ucg
17
vulnerability VCID-nxbs-37dx-rbbh
18
vulnerability VCID-punr-dfy5-v3g1
19
vulnerability VCID-u53d-8afk-c3gq
20
vulnerability VCID-vr6h-ymzh-1kb2
21
vulnerability VCID-vyzr-dkz3-vfg6
22
vulnerability VCID-xb3c-6rew-z3ba
23
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases PYSEC-2019-82
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-had1-mb3z-23dy
7
url VCID-hzcv-euwq-eqeg
vulnerability_id VCID-hzcv-euwq-eqeg
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33203
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.5585
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33203
1
reference_url https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.2/releases/security
2
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90
7
reference_url https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f
8
reference_url https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml
10
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33203
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33203
13
reference_url https://security.netapp.com/advisory/ntap-20210727-0004
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210727-0004
14
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases
15
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394
reference_id 989394
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394
17
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
18
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
19
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
20
reference_url https://usn.ubuntu.com/4975-1/
reference_id USN-4975-1
reference_type
scores
url https://usn.ubuntu.com/4975-1/
21
reference_url https://usn.ubuntu.com/4975-2/
reference_id USN-4975-2
reference_type
scores
url https://usn.ubuntu.com/4975-2/
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f2p-wfbs-73hz
1
vulnerability VCID-81q1-gytk-2uaq
2
vulnerability VCID-bbxx-48nj-pqcd
3
vulnerability VCID-dcv2-gx5a-pfe2
4
vulnerability VCID-dqkn-1888-y3er
5
vulnerability VCID-fc6y-y2b1-v3d5
6
vulnerability VCID-jzbk-uswz-8ucg
7
vulnerability VCID-vyzr-dkz3-vfg6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fc6y-y2b1-v3d5
1
vulnerability VCID-zvet-h29t-tub8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f2p-wfbs-73hz
1
vulnerability VCID-5k3f-9smv-8bev
2
vulnerability VCID-6bct-bfhb-xugt
3
vulnerability VCID-7u6e-a3ng-fude
4
vulnerability VCID-81q1-gytk-2uaq
5
vulnerability VCID-bbxx-48nj-pqcd
6
vulnerability VCID-bjn5-qpmt-qffx
7
vulnerability VCID-ctk2-ykg7-h7ag
8
vulnerability VCID-dcv2-gx5a-pfe2
9
vulnerability VCID-dqkn-1888-y3er
10
vulnerability VCID-e2p6-m8gu-jbfu
11
vulnerability VCID-fc6y-y2b1-v3d5
12
vulnerability VCID-fwkd-bq8u-9kg8
13
vulnerability VCID-jzbk-uswz-8ucg
14
vulnerability VCID-kmv2-339j-8ugc
15
vulnerability VCID-nyy8-t17r-syex
16
vulnerability VCID-qg2s-fuw3-nbda
17
vulnerability VCID-rn9d-fd73-3kb9
18
vulnerability VCID-vyzr-dkz3-vfg6
19
vulnerability VCID-x4s4-qav9-xbet
20
vulnerability VCID-zvet-h29t-tub8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzcv-euwq-eqeg
8
url VCID-n9cz-g44c-4fht
vulnerability_id VCID-n9cz-g44c-4fht
summary multiple issues
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14233
reference_id
reference_type
scores
0
value 0.06773
scoring_system epss
scoring_elements 0.91447
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14233
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml
9
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
12
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
13
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
14
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
15
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
16
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
17
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
18
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
20
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
21
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14233
reference_id CVE-2019-14233
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14233
23
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-arff-yjfe-auhp
3
vulnerability VCID-fynq-usj6-rfd3
4
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-fynq-usj6-rfd3
3
vulnerability VCID-hzcv-euwq-eqeg
4
vulnerability VCID-vr6h-ymzh-1kb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-7b47-vsfh-y3gh
5
vulnerability VCID-81q1-gytk-2uaq
6
vulnerability VCID-9hp4-hn21-zkg8
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-b81v-3drw-xudf
9
vulnerability VCID-bbxx-48nj-pqcd
10
vulnerability VCID-dcv2-gx5a-pfe2
11
vulnerability VCID-dqkn-1888-y3er
12
vulnerability VCID-fc6y-y2b1-v3d5
13
vulnerability VCID-fynq-usj6-rfd3
14
vulnerability VCID-gxju-xjh2-z7bn
15
vulnerability VCID-hzcv-euwq-eqeg
16
vulnerability VCID-jzbk-uswz-8ucg
17
vulnerability VCID-nxbs-37dx-rbbh
18
vulnerability VCID-punr-dfy5-v3g1
19
vulnerability VCID-u53d-8afk-c3gq
20
vulnerability VCID-vr6h-ymzh-1kb2
21
vulnerability VCID-vyzr-dkz3-vfg6
22
vulnerability VCID-xb3c-6rew-z3ba
23
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9cz-g44c-4fht
9
url VCID-phrd-92uj-sygr
vulnerability_id VCID-phrd-92uj-sygr
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
5
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
6
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
7
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
8
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
9
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-arff-yjfe-auhp
3
vulnerability VCID-fynq-usj6-rfd3
4
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-fynq-usj6-rfd3
3
vulnerability VCID-hzcv-euwq-eqeg
4
vulnerability VCID-vr6h-ymzh-1kb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-7b47-vsfh-y3gh
5
vulnerability VCID-81q1-gytk-2uaq
6
vulnerability VCID-9hp4-hn21-zkg8
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-b81v-3drw-xudf
9
vulnerability VCID-bbxx-48nj-pqcd
10
vulnerability VCID-dcv2-gx5a-pfe2
11
vulnerability VCID-dqkn-1888-y3er
12
vulnerability VCID-fc6y-y2b1-v3d5
13
vulnerability VCID-fynq-usj6-rfd3
14
vulnerability VCID-gxju-xjh2-z7bn
15
vulnerability VCID-hzcv-euwq-eqeg
16
vulnerability VCID-jzbk-uswz-8ucg
17
vulnerability VCID-nxbs-37dx-rbbh
18
vulnerability VCID-punr-dfy5-v3g1
19
vulnerability VCID-u53d-8afk-c3gq
20
vulnerability VCID-vr6h-ymzh-1kb2
21
vulnerability VCID-vyzr-dkz3-vfg6
22
vulnerability VCID-xb3c-6rew-z3ba
23
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases PYSEC-2019-81
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phrd-92uj-sygr
10
url VCID-v8hg-78p1-87bh
vulnerability_id VCID-v8hg-78p1-87bh
summary multiple issues
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14234
reference_id
reference_type
scores
0
value 0.29723
scoring_system epss
scoring_elements 0.96712
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14234
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/advisories/GHSA-6r97-cj55-9hrq
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6r97-cj55-9hrq
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
8
reference_url https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
9
reference_url https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
11
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
14
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
15
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
16
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
17
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
18
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
19
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
20
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
22
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
23
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14234
reference_id CVE-2019-14234
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14234
25
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-arff-yjfe-auhp
3
vulnerability VCID-fynq-usj6-rfd3
4
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-fynq-usj6-rfd3
3
vulnerability VCID-hzcv-euwq-eqeg
4
vulnerability VCID-vr6h-ymzh-1kb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-7b47-vsfh-y3gh
5
vulnerability VCID-81q1-gytk-2uaq
6
vulnerability VCID-9hp4-hn21-zkg8
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-b81v-3drw-xudf
9
vulnerability VCID-bbxx-48nj-pqcd
10
vulnerability VCID-dcv2-gx5a-pfe2
11
vulnerability VCID-dqkn-1888-y3er
12
vulnerability VCID-fc6y-y2b1-v3d5
13
vulnerability VCID-fynq-usj6-rfd3
14
vulnerability VCID-gxju-xjh2-z7bn
15
vulnerability VCID-hzcv-euwq-eqeg
16
vulnerability VCID-jzbk-uswz-8ucg
17
vulnerability VCID-nxbs-37dx-rbbh
18
vulnerability VCID-punr-dfy5-v3g1
19
vulnerability VCID-u53d-8afk-c3gq
20
vulnerability VCID-vr6h-ymzh-1kb2
21
vulnerability VCID-vyzr-dkz3-vfg6
22
vulnerability VCID-xb3c-6rew-z3ba
23
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v8hg-78p1-87bh
11
url VCID-wv4b-pjet-r7d1
vulnerability_id VCID-wv4b-pjet-r7d1
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
4
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
5
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
6
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
7
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
8
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-arff-yjfe-auhp
3
vulnerability VCID-fynq-usj6-rfd3
4
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-fynq-usj6-rfd3
3
vulnerability VCID-hzcv-euwq-eqeg
4
vulnerability VCID-vr6h-ymzh-1kb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-7b47-vsfh-y3gh
5
vulnerability VCID-81q1-gytk-2uaq
6
vulnerability VCID-9hp4-hn21-zkg8
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-b81v-3drw-xudf
9
vulnerability VCID-bbxx-48nj-pqcd
10
vulnerability VCID-dcv2-gx5a-pfe2
11
vulnerability VCID-dqkn-1888-y3er
12
vulnerability VCID-fc6y-y2b1-v3d5
13
vulnerability VCID-fynq-usj6-rfd3
14
vulnerability VCID-gxju-xjh2-z7bn
15
vulnerability VCID-hzcv-euwq-eqeg
16
vulnerability VCID-jzbk-uswz-8ucg
17
vulnerability VCID-nxbs-37dx-rbbh
18
vulnerability VCID-punr-dfy5-v3g1
19
vulnerability VCID-u53d-8afk-c3gq
20
vulnerability VCID-vr6h-ymzh-1kb2
21
vulnerability VCID-vyzr-dkz3-vfg6
22
vulnerability VCID-xb3c-6rew-z3ba
23
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases PYSEC-2019-83
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wv4b-pjet-r7d1
12
url VCID-x2hp-rmcn-gbah
vulnerability_id VCID-x2hp-rmcn-gbah
summary multiple issues
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14232
reference_id
reference_type
scores
0
value 0.0297
scoring_system epss
scoring_elements 0.86745
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14232
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
9
reference_url https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
10
reference_url https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
11
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
15
reference_url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
16
reference_url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
17
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
18
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
19
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
20
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
21
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
22
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
24
reference_url https://www.openwall.com/lists/oss-security/2023/10/04/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/10/04/6
25
reference_url http://www.openwall.com/lists/oss-security/2023/10/04/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/04/6
26
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/03/04/1
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
28
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
29
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14232
reference_id CVE-2019-14232
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14232
31
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-7b47-vsfh-y3gh
2
vulnerability VCID-arff-yjfe-auhp
3
vulnerability VCID-fynq-usj6-rfd3
4
vulnerability VCID-hzcv-euwq-eqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-fynq-usj6-rfd3
3
vulnerability VCID-hzcv-euwq-eqeg
4
vulnerability VCID-vr6h-ymzh-1kb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-7b47-vsfh-y3gh
5
vulnerability VCID-81q1-gytk-2uaq
6
vulnerability VCID-9hp4-hn21-zkg8
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-b81v-3drw-xudf
9
vulnerability VCID-bbxx-48nj-pqcd
10
vulnerability VCID-dcv2-gx5a-pfe2
11
vulnerability VCID-dqkn-1888-y3er
12
vulnerability VCID-fc6y-y2b1-v3d5
13
vulnerability VCID-fynq-usj6-rfd3
14
vulnerability VCID-gxju-xjh2-z7bn
15
vulnerability VCID-hzcv-euwq-eqeg
16
vulnerability VCID-jzbk-uswz-8ucg
17
vulnerability VCID-nxbs-37dx-rbbh
18
vulnerability VCID-punr-dfy5-v3g1
19
vulnerability VCID-u53d-8afk-c3gq
20
vulnerability VCID-vr6h-ymzh-1kb2
21
vulnerability VCID-vyzr-dkz3-vfg6
22
vulnerability VCID-xb3c-6rew-z3ba
23
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2hp-rmcn-gbah
13
url VCID-yh41-twy2-c7c5
vulnerability_id VCID-yh41-twy2-c7c5
summary An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
5
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Jul/10
6
reference_url https://security.netapp.com/advisory/ntap-20190705-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190705-0002/
7
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
8
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4476
9
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
10
reference_url http://www.openwall.com/lists/oss-security/2019/07/01/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/07/01/3
11
reference_url http://www.securityfocus.com/bid/109018
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/109018
fixed_packages
0
url pkg:pypi/django@1.11.22
purl pkg:pypi/django@1.11.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-6s18-ssym-1bd6
2
vulnerability VCID-7b47-vsfh-y3gh
3
vulnerability VCID-arff-yjfe-auhp
4
vulnerability VCID-evu1-efcj-gfc5
5
vulnerability VCID-fynq-usj6-rfd3
6
vulnerability VCID-had1-mb3z-23dy
7
vulnerability VCID-hzcv-euwq-eqeg
8
vulnerability VCID-n9cz-g44c-4fht
9
vulnerability VCID-phrd-92uj-sygr
10
vulnerability VCID-v8hg-78p1-87bh
11
vulnerability VCID-wv4b-pjet-r7d1
12
vulnerability VCID-x2hp-rmcn-gbah
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22
1
url pkg:pypi/django@2.1.10
purl pkg:pypi/django@2.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-6s18-ssym-1bd6
3
vulnerability VCID-evu1-efcj-gfc5
4
vulnerability VCID-fynq-usj6-rfd3
5
vulnerability VCID-had1-mb3z-23dy
6
vulnerability VCID-hzcv-euwq-eqeg
7
vulnerability VCID-n9cz-g44c-4fht
8
vulnerability VCID-phrd-92uj-sygr
9
vulnerability VCID-v8hg-78p1-87bh
10
vulnerability VCID-vr6h-ymzh-1kb2
11
vulnerability VCID-wv4b-pjet-r7d1
12
vulnerability VCID-x2hp-rmcn-gbah
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10
2
url pkg:pypi/django@2.2.3
purl pkg:pypi/django@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-6s18-ssym-1bd6
5
vulnerability VCID-7b47-vsfh-y3gh
6
vulnerability VCID-81q1-gytk-2uaq
7
vulnerability VCID-9hp4-hn21-zkg8
8
vulnerability VCID-arff-yjfe-auhp
9
vulnerability VCID-b81v-3drw-xudf
10
vulnerability VCID-bbxx-48nj-pqcd
11
vulnerability VCID-dcv2-gx5a-pfe2
12
vulnerability VCID-dqkn-1888-y3er
13
vulnerability VCID-evu1-efcj-gfc5
14
vulnerability VCID-fc6y-y2b1-v3d5
15
vulnerability VCID-fynq-usj6-rfd3
16
vulnerability VCID-gxju-xjh2-z7bn
17
vulnerability VCID-had1-mb3z-23dy
18
vulnerability VCID-hzcv-euwq-eqeg
19
vulnerability VCID-jzbk-uswz-8ucg
20
vulnerability VCID-n9cz-g44c-4fht
21
vulnerability VCID-nxbs-37dx-rbbh
22
vulnerability VCID-phrd-92uj-sygr
23
vulnerability VCID-punr-dfy5-v3g1
24
vulnerability VCID-u53d-8afk-c3gq
25
vulnerability VCID-v8hg-78p1-87bh
26
vulnerability VCID-vr6h-ymzh-1kb2
27
vulnerability VCID-vyzr-dkz3-vfg6
28
vulnerability VCID-wv4b-pjet-r7d1
29
vulnerability VCID-x2hp-rmcn-gbah
30
vulnerability VCID-xb3c-6rew-z3ba
31
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3
aliases PYSEC-2019-80
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yh41-twy2-c7c5
14
url VCID-ypwa-2rh9-gyex
vulnerability_id VCID-ypwa-2rh9-gyex
summary silent downgrade
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12781
reference_id
reference_type
scores
0
value 0.04284
scoring_system epss
scoring_elements 0.89026
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12781
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-6c7v-2f49-8h26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6c7v-2f49-8h26
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
9
reference_url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
12
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/10
13
reference_url https://security.netapp.com/advisory/ntap-20190705-0002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190705-0002
14
reference_url https://security.netapp.com/advisory/ntap-20190705-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190705-0002/
15
reference_url https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4043-1
16
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
17
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4476
18
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
19
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
20
reference_url http://www.openwall.com/lists/oss-security/2019/07/01/3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/07/01/3
21
reference_url http://www.securityfocus.com/bid/109018
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/109018
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316
reference_id 931316
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316
23
reference_url https://security.archlinux.org/ASA-201907-2
reference_id ASA-201907-2
reference_type
scores
url https://security.archlinux.org/ASA-201907-2
24
reference_url https://security.archlinux.org/AVG-1000
reference_id AVG-1000
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1000
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
reference_id CVE-2019-12781
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
fixed_packages
0
url pkg:pypi/django@1.11.22
purl pkg:pypi/django@1.11.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-6s18-ssym-1bd6
2
vulnerability VCID-7b47-vsfh-y3gh
3
vulnerability VCID-arff-yjfe-auhp
4
vulnerability VCID-evu1-efcj-gfc5
5
vulnerability VCID-fynq-usj6-rfd3
6
vulnerability VCID-had1-mb3z-23dy
7
vulnerability VCID-hzcv-euwq-eqeg
8
vulnerability VCID-n9cz-g44c-4fht
9
vulnerability VCID-phrd-92uj-sygr
10
vulnerability VCID-v8hg-78p1-87bh
11
vulnerability VCID-wv4b-pjet-r7d1
12
vulnerability VCID-x2hp-rmcn-gbah
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22
1
url pkg:pypi/django@2.1.10
purl pkg:pypi/django@2.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-6s18-ssym-1bd6
3
vulnerability VCID-evu1-efcj-gfc5
4
vulnerability VCID-fynq-usj6-rfd3
5
vulnerability VCID-had1-mb3z-23dy
6
vulnerability VCID-hzcv-euwq-eqeg
7
vulnerability VCID-n9cz-g44c-4fht
8
vulnerability VCID-phrd-92uj-sygr
9
vulnerability VCID-v8hg-78p1-87bh
10
vulnerability VCID-vr6h-ymzh-1kb2
11
vulnerability VCID-wv4b-pjet-r7d1
12
vulnerability VCID-x2hp-rmcn-gbah
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10
2
url pkg:pypi/django@2.2.3
purl pkg:pypi/django@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-6s18-ssym-1bd6
5
vulnerability VCID-7b47-vsfh-y3gh
6
vulnerability VCID-81q1-gytk-2uaq
7
vulnerability VCID-9hp4-hn21-zkg8
8
vulnerability VCID-arff-yjfe-auhp
9
vulnerability VCID-b81v-3drw-xudf
10
vulnerability VCID-bbxx-48nj-pqcd
11
vulnerability VCID-dcv2-gx5a-pfe2
12
vulnerability VCID-dqkn-1888-y3er
13
vulnerability VCID-evu1-efcj-gfc5
14
vulnerability VCID-fc6y-y2b1-v3d5
15
vulnerability VCID-fynq-usj6-rfd3
16
vulnerability VCID-gxju-xjh2-z7bn
17
vulnerability VCID-had1-mb3z-23dy
18
vulnerability VCID-hzcv-euwq-eqeg
19
vulnerability VCID-jzbk-uswz-8ucg
20
vulnerability VCID-n9cz-g44c-4fht
21
vulnerability VCID-nxbs-37dx-rbbh
22
vulnerability VCID-phrd-92uj-sygr
23
vulnerability VCID-punr-dfy5-v3g1
24
vulnerability VCID-u53d-8afk-c3gq
25
vulnerability VCID-v8hg-78p1-87bh
26
vulnerability VCID-vr6h-ymzh-1kb2
27
vulnerability VCID-vyzr-dkz3-vfg6
28
vulnerability VCID-wv4b-pjet-r7d1
29
vulnerability VCID-x2hp-rmcn-gbah
30
vulnerability VCID-xb3c-6rew-z3ba
31
vulnerability VCID-xu9t-qtjz-bud8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3
aliases CVE-2019-12781, GHSA-6c7v-2f49-8h26, PYSEC-2019-10
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypwa-2rh9-gyex
Fixing_vulnerabilities
0
url VCID-bxu2-wqcg-1ueh
vulnerability_id VCID-bxu2-wqcg-1ueh
summary cross-site scripting
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12308
reference_id
reference_type
scores
0
value 0.01603
scoring_system epss
scoring_elements 0.8203
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12308
3
reference_url https://docs.djangoproject.com/en/dev/releases/1.11.21
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/1.11.21
4
reference_url https://docs.djangoproject.com/en/dev/releases/1.11.21/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/1.11.21/
5
reference_url https://docs.djangoproject.com/en/dev/releases/2.1.9
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/2.1.9
6
reference_url https://docs.djangoproject.com/en/dev/releases/2.1.9/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.1.9/
7
reference_url https://docs.djangoproject.com/en/dev/releases/2.2.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/2.2.2
8
reference_url https://docs.djangoproject.com/en/dev/releases/2.2.2/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.2.2/
9
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
10
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/advisories/GHSA-7rp2-fm2h-wchj
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7rp2-fm2h-wchj
13
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
14
reference_url https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62
15
reference_url https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
16
reference_url https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
17
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml
18
reference_url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
19
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
20
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
23
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/10
24
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
25
reference_url https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4043-1
26
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
27
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4476
28
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
29
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
30
reference_url http://www.openwall.com/lists/oss-security/2019/06/03/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/06/03/2
31
reference_url http://www.securityfocus.com/bid/108559
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108559
32
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929927
reference_id 929927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929927
33
reference_url https://security.archlinux.org/ASA-201906-2
reference_id ASA-201906-2
reference_type
scores
url https://security.archlinux.org/ASA-201906-2
34
reference_url https://security.archlinux.org/AVG-969
reference_id AVG-969
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-969
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12308
reference_id CVE-2019-12308
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12308
fixed_packages
0
url pkg:pypi/django@1.11.21
purl pkg:pypi/django@1.11.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-6s18-ssym-1bd6
2
vulnerability VCID-7b47-vsfh-y3gh
3
vulnerability VCID-arff-yjfe-auhp
4
vulnerability VCID-evu1-efcj-gfc5
5
vulnerability VCID-fynq-usj6-rfd3
6
vulnerability VCID-had1-mb3z-23dy
7
vulnerability VCID-hzcv-euwq-eqeg
8
vulnerability VCID-n9cz-g44c-4fht
9
vulnerability VCID-phrd-92uj-sygr
10
vulnerability VCID-v8hg-78p1-87bh
11
vulnerability VCID-wv4b-pjet-r7d1
12
vulnerability VCID-x2hp-rmcn-gbah
13
vulnerability VCID-yh41-twy2-c7c5
14
vulnerability VCID-ypwa-2rh9-gyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21
1
url pkg:pypi/django@2.1.9
purl pkg:pypi/django@2.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-6s18-ssym-1bd6
3
vulnerability VCID-evu1-efcj-gfc5
4
vulnerability VCID-fynq-usj6-rfd3
5
vulnerability VCID-had1-mb3z-23dy
6
vulnerability VCID-hzcv-euwq-eqeg
7
vulnerability VCID-n9cz-g44c-4fht
8
vulnerability VCID-phrd-92uj-sygr
9
vulnerability VCID-v8hg-78p1-87bh
10
vulnerability VCID-vr6h-ymzh-1kb2
11
vulnerability VCID-wv4b-pjet-r7d1
12
vulnerability VCID-x2hp-rmcn-gbah
13
vulnerability VCID-yh41-twy2-c7c5
14
vulnerability VCID-ypwa-2rh9-gyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9
2
url pkg:pypi/django@2.2.2
purl pkg:pypi/django@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-6s18-ssym-1bd6
5
vulnerability VCID-7b47-vsfh-y3gh
6
vulnerability VCID-81q1-gytk-2uaq
7
vulnerability VCID-9hp4-hn21-zkg8
8
vulnerability VCID-arff-yjfe-auhp
9
vulnerability VCID-b81v-3drw-xudf
10
vulnerability VCID-bbxx-48nj-pqcd
11
vulnerability VCID-dcv2-gx5a-pfe2
12
vulnerability VCID-dqkn-1888-y3er
13
vulnerability VCID-evu1-efcj-gfc5
14
vulnerability VCID-fc6y-y2b1-v3d5
15
vulnerability VCID-fynq-usj6-rfd3
16
vulnerability VCID-gxju-xjh2-z7bn
17
vulnerability VCID-had1-mb3z-23dy
18
vulnerability VCID-hzcv-euwq-eqeg
19
vulnerability VCID-jzbk-uswz-8ucg
20
vulnerability VCID-n9cz-g44c-4fht
21
vulnerability VCID-nxbs-37dx-rbbh
22
vulnerability VCID-phrd-92uj-sygr
23
vulnerability VCID-punr-dfy5-v3g1
24
vulnerability VCID-u53d-8afk-c3gq
25
vulnerability VCID-v8hg-78p1-87bh
26
vulnerability VCID-vr6h-ymzh-1kb2
27
vulnerability VCID-vyzr-dkz3-vfg6
28
vulnerability VCID-wv4b-pjet-r7d1
29
vulnerability VCID-x2hp-rmcn-gbah
30
vulnerability VCID-xb3c-6rew-z3ba
31
vulnerability VCID-xu9t-qtjz-bud8
32
vulnerability VCID-yh41-twy2-c7c5
33
vulnerability VCID-ypwa-2rh9-gyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2
aliases CVE-2019-12308, GHSA-7rp2-fm2h-wchj, PYSEC-2019-79
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bxu2-wqcg-1ueh
1
url VCID-k3fv-7e29-bfep
vulnerability_id VCID-k3fv-7e29-bfep
summary An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/1.11.21/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/1.11.21/
3
reference_url https://docs.djangoproject.com/en/dev/releases/2.1.9/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.1.9/
4
reference_url https://docs.djangoproject.com/en/dev/releases/2.2.2/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.2.2/
5
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
6
reference_url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
7
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
8
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
10
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Jul/10
11
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
12
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
13
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4476
14
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
15
reference_url http://www.openwall.com/lists/oss-security/2019/06/03/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/06/03/2
16
reference_url http://www.securityfocus.com/bid/108559
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108559
fixed_packages
0
url pkg:pypi/django@1.11.21
purl pkg:pypi/django@1.11.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-6s18-ssym-1bd6
2
vulnerability VCID-7b47-vsfh-y3gh
3
vulnerability VCID-arff-yjfe-auhp
4
vulnerability VCID-evu1-efcj-gfc5
5
vulnerability VCID-fynq-usj6-rfd3
6
vulnerability VCID-had1-mb3z-23dy
7
vulnerability VCID-hzcv-euwq-eqeg
8
vulnerability VCID-n9cz-g44c-4fht
9
vulnerability VCID-phrd-92uj-sygr
10
vulnerability VCID-v8hg-78p1-87bh
11
vulnerability VCID-wv4b-pjet-r7d1
12
vulnerability VCID-x2hp-rmcn-gbah
13
vulnerability VCID-yh41-twy2-c7c5
14
vulnerability VCID-ypwa-2rh9-gyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21
1
url pkg:pypi/django@2.1.9
purl pkg:pypi/django@2.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-3gvv-5jbs-cfc1
2
vulnerability VCID-6s18-ssym-1bd6
3
vulnerability VCID-evu1-efcj-gfc5
4
vulnerability VCID-fynq-usj6-rfd3
5
vulnerability VCID-had1-mb3z-23dy
6
vulnerability VCID-hzcv-euwq-eqeg
7
vulnerability VCID-n9cz-g44c-4fht
8
vulnerability VCID-phrd-92uj-sygr
9
vulnerability VCID-v8hg-78p1-87bh
10
vulnerability VCID-vr6h-ymzh-1kb2
11
vulnerability VCID-wv4b-pjet-r7d1
12
vulnerability VCID-x2hp-rmcn-gbah
13
vulnerability VCID-yh41-twy2-c7c5
14
vulnerability VCID-ypwa-2rh9-gyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9
2
url pkg:pypi/django@2.2.2
purl pkg:pypi/django@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bh9-k4at-r7hz
1
vulnerability VCID-2f2p-wfbs-73hz
2
vulnerability VCID-3gvv-5jbs-cfc1
3
vulnerability VCID-5a2y-2m62-1qfa
4
vulnerability VCID-6s18-ssym-1bd6
5
vulnerability VCID-7b47-vsfh-y3gh
6
vulnerability VCID-81q1-gytk-2uaq
7
vulnerability VCID-9hp4-hn21-zkg8
8
vulnerability VCID-arff-yjfe-auhp
9
vulnerability VCID-b81v-3drw-xudf
10
vulnerability VCID-bbxx-48nj-pqcd
11
vulnerability VCID-dcv2-gx5a-pfe2
12
vulnerability VCID-dqkn-1888-y3er
13
vulnerability VCID-evu1-efcj-gfc5
14
vulnerability VCID-fc6y-y2b1-v3d5
15
vulnerability VCID-fynq-usj6-rfd3
16
vulnerability VCID-gxju-xjh2-z7bn
17
vulnerability VCID-had1-mb3z-23dy
18
vulnerability VCID-hzcv-euwq-eqeg
19
vulnerability VCID-jzbk-uswz-8ucg
20
vulnerability VCID-n9cz-g44c-4fht
21
vulnerability VCID-nxbs-37dx-rbbh
22
vulnerability VCID-phrd-92uj-sygr
23
vulnerability VCID-punr-dfy5-v3g1
24
vulnerability VCID-u53d-8afk-c3gq
25
vulnerability VCID-v8hg-78p1-87bh
26
vulnerability VCID-vr6h-ymzh-1kb2
27
vulnerability VCID-vyzr-dkz3-vfg6
28
vulnerability VCID-wv4b-pjet-r7d1
29
vulnerability VCID-x2hp-rmcn-gbah
30
vulnerability VCID-xb3c-6rew-z3ba
31
vulnerability VCID-xu9t-qtjz-bud8
32
vulnerability VCID-yh41-twy2-c7c5
33
vulnerability VCID-ypwa-2rh9-gyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2
aliases PYSEC-2019-9
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3fv-7e29-bfep
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21