Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@6.0
Typepypi
Namespace
Namedjango
Version6.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.3
Latest_non_vulnerable_version6.0.4
Affected_by_vulnerabilities
0
url VCID-1adz-zw3h-pqek
vulnerability_id VCID-1adz-zw3h-pqek
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3902
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03064
published_at 2026-04-21T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10679
published_at 2026-04-08T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.10735
published_at 2026-04-09T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.10749
published_at 2026-04-11T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.10717
published_at 2026-04-12T12:55:00Z
5
value 0.00047
scoring_system epss
scoring_elements 0.14623
published_at 2026-04-13T12:55:00Z
6
value 0.00047
scoring_system epss
scoring_elements 0.14521
published_at 2026-04-18T12:55:00Z
7
value 0.00047
scoring_system epss
scoring_elements 0.14514
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3902
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3902
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3902
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:14:03Z/
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455935
reference_id 2455935
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455935
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3902
reference_id CVE-2026-3902
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3902
11
reference_url https://github.com/advisories/GHSA-mvfq-ggxm-9mc5
reference_id GHSA-mvfq-ggxm-9mc5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mvfq-ggxm-9mc5
12
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:14:03Z/
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
13
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
fixed_packages
0
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-3902, GHSA-mvfq-ggxm-9mc5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1adz-zw3h-pqek
1
url VCID-28g3-ubx6-ebff
vulnerability_id VCID-28g3-ubx6-ebff
summary 
Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20187
published_at 2026-04-02T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20125
published_at 2026-04-11T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20106
published_at 2026-04-09T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20047
published_at 2026-04-08T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.19968
published_at 2026-04-07T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.20242
published_at 2026-04-04T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20824
published_at 2026-04-12T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20742
published_at 2026-04-21T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20754
published_at 2026-04-18T12:55:00Z
9
value 0.00067
scoring_system epss
scoring_elements 0.20761
published_at 2026-04-16T12:55:00Z
10
value 0.00067
scoring_system epss
scoring_elements 0.20771
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
reference_id 2436340
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
12
reference_url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
reference_id GHSA-4rrr-2h4v-f3j9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
15
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
16
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
17
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
18
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac4c-321h-tqfk
1
vulnerability VCID-nda7-9219-6kce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1285, GHSA-4rrr-2h4v-f3j9
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28g3-ubx6-ebff
2
url VCID-2tfv-rtq7-2fg9
vulnerability_id VCID-2tfv-rtq7-2fg9
summary 
Django has Observable Timing Discrepancy
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13473
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08681
published_at 2026-04-02T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08755
published_at 2026-04-11T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.0873
published_at 2026-04-08T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.08653
published_at 2026-04-07T12:55:00Z
4
value 0.00031
scoring_system epss
scoring_elements 0.08729
published_at 2026-04-04T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.10506
published_at 2026-04-18T12:55:00Z
6
value 0.00036
scoring_system epss
scoring_elements 0.10648
published_at 2026-04-12T12:55:00Z
7
value 0.00036
scoring_system epss
scoring_elements 0.10631
published_at 2026-04-21T12:55:00Z
8
value 0.00036
scoring_system epss
scoring_elements 0.10623
published_at 2026-04-13T12:55:00Z
9
value 0.00036
scoring_system epss
scoring_elements 0.10488
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13473
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/
url https://groups.google.com/g/django-announce
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436343
reference_id 2436343
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436343
11
reference_url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
reference_id GHSA-2mcm-79hx-8fxw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
12
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
13
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac4c-321h-tqfk
1
vulnerability VCID-nda7-9219-6kce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2025-13473, GHSA-2mcm-79hx-8fxw
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tfv-rtq7-2fg9
3
url VCID-46pv-pzsu-jucd
vulnerability_id VCID-46pv-pzsu-jucd
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4292
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01049
published_at 2026-04-13T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02021
published_at 2026-04-21T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.01936
published_at 2026-04-18T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.01934
published_at 2026-04-16T12:55:00Z
4
value 8e-05
scoring_system epss
scoring_elements 0.00676
published_at 2026-04-08T12:55:00Z
5
value 8e-05
scoring_system epss
scoring_elements 0.00661
published_at 2026-04-12T12:55:00Z
6
value 8e-05
scoring_system epss
scoring_elements 0.00667
published_at 2026-04-11T12:55:00Z
7
value 8e-05
scoring_system epss
scoring_elements 0.00668
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4292
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4292
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4292
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:12:50Z/
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455941
reference_id 2455941
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455941
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4292
reference_id CVE-2026-4292
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4292
11
reference_url https://github.com/advisories/GHSA-mmwr-2jhp-mc7j
reference_id GHSA-mmwr-2jhp-mc7j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmwr-2jhp-mc7j
12
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id security-releases
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:12:50Z/
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
13
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
14
reference_url https://usn.ubuntu.com/8154-2/
reference_id USN-8154-2
reference_type
scores
url https://usn.ubuntu.com/8154-2/
fixed_packages
0
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-4292, GHSA-mmwr-2jhp-mc7j
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-46pv-pzsu-jucd
4
url VCID-8qu1-45n9-gyb1
vulnerability_id VCID-8qu1-45n9-gyb1
summary 
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01067
published_at 2026-04-11T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01083
published_at 2026-04-09T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01084
published_at 2026-04-08T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01079
published_at 2026-04-07T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01072
published_at 2026-04-04T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.01069
published_at 2026-04-02T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01534
published_at 2026-04-21T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01443
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01444
published_at 2026-04-13T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.01433
published_at 2026-04-16T12:55:00Z
10
value 0.00011
scoring_system epss
scoring_elements 0.01446
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
reference_id 2436339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
12
reference_url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
reference_id GHSA-gvg8-93h5-g6qq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
15
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
16
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
17
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
18
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
19
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
20
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac4c-321h-tqfk
1
vulnerability VCID-nda7-9219-6kce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1287, GHSA-gvg8-93h5-g6qq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qu1-45n9-gyb1
5
url VCID-ac4c-321h-tqfk
vulnerability_id VCID-ac4c-321h-tqfk
summary 
Django has a Race Condition vulnerability
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.

Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments.

Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25674.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25674.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25674
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01096
published_at 2026-04-02T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01377
published_at 2026-04-21T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01299
published_at 2026-04-13T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01311
published_at 2026-04-07T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01316
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01319
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01303
published_at 2026-04-18T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01297
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01289
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25674
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25674
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25674
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:27:07Z/
url https://groups.google.com/g/django-announce
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25674
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25674
8
reference_url https://www.djangoproject.com/weblog/2026/mar/03/security-releases
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/mar/03/security-releases
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129595
reference_id 1129595
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129595
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2444111
reference_id 2444111
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2444111
11
reference_url https://github.com/advisories/GHSA-mjgh-79qc-68w3
reference_id GHSA-mjgh-79qc-68w3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mjgh-79qc-68w3
12
reference_url https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:27:07Z/
url https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
fixed_packages
0
url pkg:pypi/django@6.0.3
purl pkg:pypi/django@6.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.3
aliases CVE-2026-25674, GHSA-mjgh-79qc-68w3
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ac4c-321h-tqfk
6
url VCID-e9k9-1s9f-dbgv
vulnerability_id VCID-e9k9-1s9f-dbgv
summary 
Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Jiyong Yang for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14550
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18717
published_at 2026-04-02T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18625
published_at 2026-04-11T12:55:00Z
2
value 0.00059
scoring_system epss
scoring_elements 0.18621
published_at 2026-04-09T12:55:00Z
3
value 0.00059
scoring_system epss
scoring_elements 0.18568
published_at 2026-04-08T12:55:00Z
4
value 0.00059
scoring_system epss
scoring_elements 0.18487
published_at 2026-04-07T12:55:00Z
5
value 0.00059
scoring_system epss
scoring_elements 0.18771
published_at 2026-04-04T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.19259
published_at 2026-04-13T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.19244
published_at 2026-04-21T12:55:00Z
8
value 0.00062
scoring_system epss
scoring_elements 0.1923
published_at 2026-04-18T12:55:00Z
9
value 0.00062
scoring_system epss
scoring_elements 0.19221
published_at 2026-04-16T12:55:00Z
10
value 0.00062
scoring_system epss
scoring_elements 0.19314
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14550
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/
url https://groups.google.com/g/django-announce
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436341
reference_id 2436341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436341
11
reference_url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
reference_id GHSA-33mw-q7rj-mjwj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
12
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
13
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
14
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
15
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
16
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
17
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac4c-321h-tqfk
1
vulnerability VCID-nda7-9219-6kce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2025-14550, GHSA-33mw-q7rj-mjwj
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9k9-1s9f-dbgv
7
url VCID-ff2a-at5f-2qa8
vulnerability_id VCID-ff2a-at5f-2qa8
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33033
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12909
published_at 2026-04-21T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.2707
published_at 2026-04-08T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.27077
published_at 2026-04-12T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.2712
published_at 2026-04-11T12:55:00Z
4
value 0.00098
scoring_system epss
scoring_elements 0.27116
published_at 2026-04-09T12:55:00Z
5
value 0.0011
scoring_system epss
scoring_elements 0.29376
published_at 2026-04-13T12:55:00Z
6
value 0.00133
scoring_system epss
scoring_elements 0.32886
published_at 2026-04-16T12:55:00Z
7
value 0.00133
scoring_system epss
scoring_elements 0.32864
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33033
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33033
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33033
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:21:08Z/
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455962
reference_id 2455962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455962
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33033
reference_id CVE-2026-33033
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33033
11
reference_url https://github.com/advisories/GHSA-5mf9-h53q-7mhq
reference_id GHSA-5mf9-h53q-7mhq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mf9-h53q-7mhq
12
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id security-releases
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:21:08Z/
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
13
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
14
reference_url https://usn.ubuntu.com/8154-2/
reference_id USN-8154-2
reference_type
scores
url https://usn.ubuntu.com/8154-2/
fixed_packages
0
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-33033, GHSA-5mf9-h53q-7mhq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ff2a-at5f-2qa8
8
url VCID-gfym-spzk-w7gk
vulnerability_id VCID-gfym-spzk-w7gk
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4277
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.01986
published_at 2026-04-09T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.0197
published_at 2026-04-08T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05434
published_at 2026-04-21T12:55:00Z
3
value 0.0004
scoring_system epss
scoring_elements 0.12281
published_at 2026-04-12T12:55:00Z
4
value 0.0004
scoring_system epss
scoring_elements 0.12317
published_at 2026-04-11T12:55:00Z
5
value 0.00053
scoring_system epss
scoring_elements 0.16578
published_at 2026-04-13T12:55:00Z
6
value 0.00056
scoring_system epss
scoring_elements 0.17458
published_at 2026-04-18T12:55:00Z
7
value 0.00056
scoring_system epss
scoring_elements 0.17449
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4277
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4277
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4277
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455939
reference_id 2455939
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455939
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4277
reference_id CVE-2026-4277
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4277
11
reference_url https://github.com/advisories/GHSA-pwjp-ccjc-ghwg
reference_id GHSA-pwjp-ccjc-ghwg
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pwjp-ccjc-ghwg
12
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
13
reference_url https://usn.ubuntu.com/8154-2/
reference_id USN-8154-2
reference_type
scores
url https://usn.ubuntu.com/8154-2/
fixed_packages
0
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-4277, GHSA-pwjp-ccjc-ghwg
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfym-spzk-w7gk
9
url VCID-msge-1mfu-7qfa
vulnerability_id VCID-msge-1mfu-7qfa
summary 
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01069
published_at 2026-04-02T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01067
published_at 2026-04-11T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01083
published_at 2026-04-09T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01084
published_at 2026-04-08T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01079
published_at 2026-04-07T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.01072
published_at 2026-04-04T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01446
published_at 2026-04-18T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01433
published_at 2026-04-16T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01444
published_at 2026-04-13T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.01443
published_at 2026-04-12T12:55:00Z
10
value 0.00011
scoring_system epss
scoring_elements 0.01534
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
7
reference_url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/
url https://groups.google.com/g/django-announce
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
10
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
reference_id 2436342
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
13
reference_url https://github.com/advisories/GHSA-6426-9fv3-65x8
reference_id GHSA-6426-9fv3-65x8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6426-9fv3-65x8
14
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
15
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
16
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
17
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
18
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
19
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
20
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
21
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac4c-321h-tqfk
1
vulnerability VCID-nda7-9219-6kce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1312, GHSA-6426-9fv3-65x8
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msge-1mfu-7qfa
10
url VCID-nda7-9219-6kce
vulnerability_id VCID-nda7-9219-6kce
summary 
Django vulnerable to Uncontrolled Resource Consumption
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.

`URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial of service via large URL inputs containing these characters.

Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25673.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25673.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25673
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43562
published_at 2026-04-02T12:55:00Z
1
value 0.00229
scoring_system epss
scoring_elements 0.45746
published_at 2026-04-21T12:55:00Z
2
value 0.00229
scoring_system epss
scoring_elements 0.45751
published_at 2026-04-04T12:55:00Z
3
value 0.00229
scoring_system epss
scoring_elements 0.457
published_at 2026-04-07T12:55:00Z
4
value 0.00229
scoring_system epss
scoring_elements 0.45757
published_at 2026-04-08T12:55:00Z
5
value 0.00229
scoring_system epss
scoring_elements 0.45753
published_at 2026-04-09T12:55:00Z
6
value 0.00229
scoring_system epss
scoring_elements 0.45775
published_at 2026-04-11T12:55:00Z
7
value 0.00229
scoring_system epss
scoring_elements 0.45745
published_at 2026-04-12T12:55:00Z
8
value 0.00229
scoring_system epss
scoring_elements 0.45754
published_at 2026-04-13T12:55:00Z
9
value 0.00229
scoring_system epss
scoring_elements 0.45804
published_at 2026-04-16T12:55:00Z
10
value 0.00229
scoring_system epss
scoring_elements 0.45799
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25673
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:25:53Z/
url https://groups.google.com/g/django-announce
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25673
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25673
7
reference_url https://www.djangoproject.com/weblog/2026/mar/03/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/mar/03/security-releases
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2444115
reference_id 2444115
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2444115
9
reference_url https://github.com/advisories/GHSA-8p8v-wh79-9r56
reference_id GHSA-8p8v-wh79-9r56
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8p8v-wh79-9r56
10
reference_url https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:25:53Z/
url https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
fixed_packages
0
url pkg:pypi/django@6.0.3
purl pkg:pypi/django@6.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.3
aliases CVE-2026-25673, GHSA-8p8v-wh79-9r56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nda7-9219-6kce
11
url VCID-ssut-reka-r3f8
vulnerability_id VCID-ssut-reka-r3f8
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33034
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.06742
published_at 2026-04-12T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.06749
published_at 2026-04-11T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.0675
published_at 2026-04-09T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.06717
published_at 2026-04-08T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09313
published_at 2026-04-21T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.09326
published_at 2026-04-13T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09166
published_at 2026-04-16T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.0916
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33034
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33034
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33034
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:43:43Z/
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
reference_id 1132927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455927
reference_id 2455927
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455927
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33034
reference_id CVE-2026-33034
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33034
11
reference_url https://github.com/advisories/GHSA-933h-hp56-hf7m
reference_id GHSA-933h-hp56-hf7m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-933h-hp56-hf7m
12
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:43:43Z/
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
13
reference_url https://usn.ubuntu.com/8154-1/
reference_id USN-8154-1
reference_type
scores
url https://usn.ubuntu.com/8154-1/
fixed_packages
0
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-33034, GHSA-933h-hp56-hf7m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ssut-reka-r3f8
12
url VCID-ysyp-h7ja-yff3
vulnerability_id VCID-ysyp-h7ja-yff3
summary 
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
reference_id
reference_type
scores
0
value 0.03841
scoring_system epss
scoring_elements 0.88188
published_at 2026-04-11T12:55:00Z
1
value 0.03841
scoring_system epss
scoring_elements 0.88178
published_at 2026-04-09T12:55:00Z
2
value 0.03841
scoring_system epss
scoring_elements 0.88172
published_at 2026-04-08T12:55:00Z
3
value 0.03841
scoring_system epss
scoring_elements 0.88153
published_at 2026-04-07T12:55:00Z
4
value 0.03841
scoring_system epss
scoring_elements 0.88146
published_at 2026-04-04T12:55:00Z
5
value 0.04424
scoring_system epss
scoring_elements 0.89043
published_at 2026-04-21T12:55:00Z
6
value 0.04424
scoring_system epss
scoring_elements 0.89048
published_at 2026-04-18T12:55:00Z
7
value 0.04424
scoring_system epss
scoring_elements 0.89035
published_at 2026-04-13T12:55:00Z
8
value 0.04424
scoring_system epss
scoring_elements 0.89037
published_at 2026-04-12T12:55:00Z
9
value 0.05126
scoring_system epss
scoring_elements 0.8982
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
reference_id 2436338
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
12
reference_url https://github.com/advisories/GHSA-mwm9-4648-f68q
reference_id GHSA-mwm9-4648-f68q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwm9-4648-f68q
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
15
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
16
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
17
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
18
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
19
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
20
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac4c-321h-tqfk
1
vulnerability VCID-nda7-9219-6kce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1207, GHSA-mwm9-4648-f68q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyp-h7ja-yff3
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0