Lookup for vulnerable packages by Package URL.

Purl: pkg:pypi/django@2.2.13
Type: pypi
Namespace:
Name: django
Version: 2.2.13
Qualifiers:
Subpath:
Is_vulnerable: true
Next_non_vulnerable_version: 2.2.28
Latest_non_vulnerable_version: 6.0.5
Affected_by_vulnerabilities
0
url VCID-51tx-4tp9-kbcz
vulnerability_id VCID-51tx-4tp9-kbcz
summary
references
0
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
2
reference_url https://github.com/advisories/GHSA-6cw3-g6wv-c2xv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-6cw3-g6wv-c2xv
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
reference_id
reference_type
scores
url https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
5
reference_url https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
reference_id
reference_type
scores
url https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
6
reference_url https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
reference_id
reference_type
scores
url https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
10
reference_url https://security.netapp.com/advisory/ntap-20220221-0003
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220221-0003
11
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5254
12
reference_url https://www.djangoproject.com/weblog/2022/feb/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/feb/01/security-releases
13
reference_url https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
14
reference_url https://security.archlinux.org/AVG-2808
reference_id AVG-2808
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2808
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23833
reference_id CVE-2022-23833
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-23833
fixed_packages
0
url pkg:pypi/django@2.2.27
purl pkg:pypi/django@2.2.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-drwp-htkk-bkfh
1
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27
1
url pkg:pypi/django@3.2.12
purl pkg:pypi/django@3.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-am3f-c5ex-8ff2
4
vulnerability VCID-au8h-vj9k-pufv
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-f4a7-tcz5-byfj
7
vulnerability VCID-fsaw-3ta1-x3dw
8
vulnerability VCID-m1dr-sjmw-jfd2
9
vulnerability VCID-m33h-4p9q-63fb
10
vulnerability VCID-nss9-1yrb-x7f2
11
vulnerability VCID-qgp1-4efd-6yg6
12
vulnerability VCID-yuda-1mur-8bbq
13
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12
2
url pkg:pypi/django@4.0.2
purl pkg:pypi/django@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-au8h-vj9k-pufv
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-f4a7-tcz5-byfj
6
vulnerability VCID-m1dr-sjmw-jfd2
7
vulnerability VCID-nss9-1yrb-x7f2
8
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2
aliases CVE-2022-23833, GHSA-6cw3-g6wv-c2xv, PYSEC-2022-20
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-51tx-4tp9-kbcz
1
url VCID-6jpg-yrf8-cufy
vulnerability_id VCID-6jpg-yrf8-cufy
summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
references
0
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
2
reference_url https://github.com/advisories/GHSA-53qw-q765-4fww
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-53qw-q765-4fww
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
reference_id
reference_type
scores
url https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
5
reference_url https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
reference_id
reference_type
scores
url https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
6
reference_url https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
reference_id
reference_type
scores
url https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
10
reference_url https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220121-0005
11
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
12
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45115
reference_id CVE-2021-45115
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-45115
fixed_packages
0
url pkg:pypi/django@2.2.26
purl pkg:pypi/django@2.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-attf-6gj8-ebaj
2
vulnerability VCID-drwp-htkk-bkfh
3
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26
1
url pkg:pypi/django@3.2.11
purl pkg:pypi/django@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-51tx-4tp9-kbcz
4
vulnerability VCID-am3f-c5ex-8ff2
5
vulnerability VCID-attf-6gj8-ebaj
6
vulnerability VCID-au8h-vj9k-pufv
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-f4a7-tcz5-byfj
9
vulnerability VCID-fsaw-3ta1-x3dw
10
vulnerability VCID-m1dr-sjmw-jfd2
11
vulnerability VCID-m33h-4p9q-63fb
12
vulnerability VCID-nss9-1yrb-x7f2
13
vulnerability VCID-qgp1-4efd-6yg6
14
vulnerability VCID-yuda-1mur-8bbq
15
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11
2
url pkg:pypi/django@4.0.1
purl pkg:pypi/django@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-51tx-4tp9-kbcz
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-au8h-vj9k-pufv
6
vulnerability VCID-drwp-htkk-bkfh
7
vulnerability VCID-f4a7-tcz5-byfj
8
vulnerability VCID-m1dr-sjmw-jfd2
9
vulnerability VCID-nss9-1yrb-x7f2
10
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1
aliases CVE-2021-45115, GHSA-53qw-q765-4fww, PYSEC-2022-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jpg-yrf8-cufy
2
url VCID-9end-mq19-rke5
vulnerability_id VCID-9end-mq19-rke5
summary Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
references
0
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
2
reference_url https://github.com/advisories/GHSA-jrh2-hc4r-7jwx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-jrh2-hc4r-7jwx
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1
reference_id
reference_type
scores
url https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1
5
reference_url https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b
reference_id
reference_type
scores
url https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b
6
reference_url https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6
reference_id
reference_type
scores
url https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
10
reference_url https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220121-0005
11
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
12
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45452
reference_id CVE-2021-45452
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-45452
fixed_packages
0
url pkg:pypi/django@2.2.26
purl pkg:pypi/django@2.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-attf-6gj8-ebaj
2
vulnerability VCID-drwp-htkk-bkfh
3
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26
1
url pkg:pypi/django@3.2.11
purl pkg:pypi/django@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-51tx-4tp9-kbcz
4
vulnerability VCID-am3f-c5ex-8ff2
5
vulnerability VCID-attf-6gj8-ebaj
6
vulnerability VCID-au8h-vj9k-pufv
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-f4a7-tcz5-byfj
9
vulnerability VCID-fsaw-3ta1-x3dw
10
vulnerability VCID-m1dr-sjmw-jfd2
11
vulnerability VCID-m33h-4p9q-63fb
12
vulnerability VCID-nss9-1yrb-x7f2
13
vulnerability VCID-qgp1-4efd-6yg6
14
vulnerability VCID-yuda-1mur-8bbq
15
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11
2
url pkg:pypi/django@4.0.1
purl pkg:pypi/django@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-51tx-4tp9-kbcz
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-au8h-vj9k-pufv
6
vulnerability VCID-drwp-htkk-bkfh
7
vulnerability VCID-f4a7-tcz5-byfj
8
vulnerability VCID-m1dr-sjmw-jfd2
9
vulnerability VCID-nss9-1yrb-x7f2
10
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1
aliases CVE-2021-45452, GHSA-jrh2-hc4r-7jwx, PYSEC-2022-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9end-mq19-rke5
3
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
4
url VCID-attf-6gj8-ebaj
vulnerability_id VCID-attf-6gj8-ebaj
summary
references
0
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
2
reference_url https://github.com/advisories/GHSA-95rw-fx8r-36v6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-95rw-fx8r-36v6
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
reference_id
reference_type
scores
url https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
5
reference_url https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
reference_id
reference_type
scores
url https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
6
reference_url https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
reference_id
reference_type
scores
url https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
10
reference_url https://security.netapp.com/advisory/ntap-20220221-0003
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220221-0003
11
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5254
12
reference_url https://www.djangoproject.com/weblog/2022/feb/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/feb/01/security-releases
13
reference_url https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
14
reference_url https://security.archlinux.org/AVG-2808
reference_id AVG-2808
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2808
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22818
reference_id CVE-2022-22818
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22818
fixed_packages
0
url pkg:pypi/django@2.2.27
purl pkg:pypi/django@2.2.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-drwp-htkk-bkfh
1
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27
1
url pkg:pypi/django@3.2.12
purl pkg:pypi/django@3.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-am3f-c5ex-8ff2
4
vulnerability VCID-au8h-vj9k-pufv
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-f4a7-tcz5-byfj
7
vulnerability VCID-fsaw-3ta1-x3dw
8
vulnerability VCID-m1dr-sjmw-jfd2
9
vulnerability VCID-m33h-4p9q-63fb
10
vulnerability VCID-nss9-1yrb-x7f2
11
vulnerability VCID-qgp1-4efd-6yg6
12
vulnerability VCID-yuda-1mur-8bbq
13
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12
2
url pkg:pypi/django@4.0.2
purl pkg:pypi/django@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-au8h-vj9k-pufv
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-f4a7-tcz5-byfj
6
vulnerability VCID-m1dr-sjmw-jfd2
7
vulnerability VCID-nss9-1yrb-x7f2
8
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2
aliases CVE-2022-22818, GHSA-95rw-fx8r-36v6, PYSEC-2022-19
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-attf-6gj8-ebaj
5
url VCID-drwp-htkk-bkfh
vulnerability_id VCID-drwp-htkk-bkfh
summary sql injection
references
0
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
2
reference_url https://github.com/advisories/GHSA-w24h-v9qh-8gxj
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-w24h-v9qh-8gxj
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402
reference_id
reference_type
scores
url https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402
5
reference_url https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5
reference_id
reference_type
scores
url https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5
6
reference_url https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81
reference_id
reference_type
scores
url https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81
7
reference_url https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
reference_id
reference_type
scores
url https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
12
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5254
13
reference_url https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/apr/11/security-releases
14
reference_url https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
15
reference_url http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2022/04/11/1
16
reference_url https://security.archlinux.org/ASA-202204-9
reference_id ASA-202204-9
reference_type
scores
url https://security.archlinux.org/ASA-202204-9
17
reference_url https://security.archlinux.org/AVG-2667
reference_id AVG-2667
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2667
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28347
reference_id CVE-2022-28347
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-28347
fixed_packages
0
url pkg:pypi/django@2.2.28
purl pkg:pypi/django@2.2.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.28
1
url pkg:pypi/django@3.2.13
purl pkg:pypi/django@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-am3f-c5ex-8ff2
4
vulnerability VCID-au8h-vj9k-pufv
5
vulnerability VCID-f4a7-tcz5-byfj
6
vulnerability VCID-fsaw-3ta1-x3dw
7
vulnerability VCID-m1dr-sjmw-jfd2
8
vulnerability VCID-m33h-4p9q-63fb
9
vulnerability VCID-qgp1-4efd-6yg6
10
vulnerability VCID-yuda-1mur-8bbq
11
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13
2
url pkg:pypi/django@4.0.4
purl pkg:pypi/django@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-au8h-vj9k-pufv
4
vulnerability VCID-f4a7-tcz5-byfj
5
vulnerability VCID-m1dr-sjmw-jfd2
6
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4
aliases CVE-2022-28347, GHSA-w24h-v9qh-8gxj, PYSEC-2022-191
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drwp-htkk-bkfh
6
url VCID-fhp8-tck4-mye4
vulnerability_id VCID-fhp8-tck4-mye4
summary In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
references
0
reference_url https://docs.djangoproject.com/en/3.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.1/releases/security/
1
reference_url https://github.com/advisories/GHSA-xgxc-v2qg-chmh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xgxc-v2qg-chmh
2
reference_url https://groups.google.com/g/django-announce/c/ePr5j-ngdPU
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce/c/ePr5j-ngdPU
3
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
5
reference_url https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
fixed_packages
0
url pkg:pypi/django@2.2.20
purl pkg:pypi/django@2.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-fksk-pr23-2yd8
7
vulnerability VCID-j81e-su1y-tqa6
8
vulnerability VCID-n9vn-4uxr-hkau
9
vulnerability VCID-nss9-1yrb-x7f2
10
vulnerability VCID-u9q1-63gf-7feh
11
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.20
1
url pkg:pypi/django@3.0.14
purl pkg:pypi/django@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.14
2
url pkg:pypi/django@3.1.8
purl pkg:pypi/django@3.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-j81e-su1y-tqa6
3
vulnerability VCID-n9vn-4uxr-hkau
4
vulnerability VCID-u9q1-63gf-7feh
5
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.8
aliases CVE-2021-28658, GHSA-xgxc-v2qg-chmh, PYSEC-2021-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhp8-tck4-mye4
7
url VCID-fksk-pr23-2yd8
vulnerability_id VCID-fksk-pr23-2yd8
summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
references
0
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
2
reference_url https://github.com/advisories/GHSA-8c5j-9r9f-c6w8
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8c5j-9r9f-c6w8
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489
reference_id
reference_type
scores
url https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489
5
reference_url https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16
reference_id
reference_type
scores
url https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16
6
reference_url https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a
reference_id
reference_type
scores
url https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
10
reference_url https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220121-0005
11
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
12
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45116
reference_id CVE-2021-45116
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-45116
fixed_packages
0
url pkg:pypi/django@2.2.26
purl pkg:pypi/django@2.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-attf-6gj8-ebaj
2
vulnerability VCID-drwp-htkk-bkfh
3
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26
1
url pkg:pypi/django@3.2.11
purl pkg:pypi/django@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-51tx-4tp9-kbcz
4
vulnerability VCID-am3f-c5ex-8ff2
5
vulnerability VCID-attf-6gj8-ebaj
6
vulnerability VCID-au8h-vj9k-pufv
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-f4a7-tcz5-byfj
9
vulnerability VCID-fsaw-3ta1-x3dw
10
vulnerability VCID-m1dr-sjmw-jfd2
11
vulnerability VCID-m33h-4p9q-63fb
12
vulnerability VCID-nss9-1yrb-x7f2
13
vulnerability VCID-qgp1-4efd-6yg6
14
vulnerability VCID-yuda-1mur-8bbq
15
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11
2
url pkg:pypi/django@4.0.1
purl pkg:pypi/django@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-51tx-4tp9-kbcz
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-au8h-vj9k-pufv
6
vulnerability VCID-drwp-htkk-bkfh
7
vulnerability VCID-f4a7-tcz5-byfj
8
vulnerability VCID-m1dr-sjmw-jfd2
9
vulnerability VCID-nss9-1yrb-x7f2
10
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1
aliases CVE-2021-45116, GHSA-8c5j-9r9f-c6w8, PYSEC-2022-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fksk-pr23-2yd8
8
url VCID-hh9b-52xn-z7a9
vulnerability_id VCID-hh9b-52xn-z7a9
summary An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://github.com/advisories/GHSA-fr28-569j-53c4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-fr28-569j-53c4
2
reference_url https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
3
reference_url https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
7
reference_url https://security.netapp.com/advisory/ntap-20200918-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200918-0004/
8
reference_url https://usn.ubuntu.com/4479-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4479-1/
9
reference_url https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
10
reference_url https://www.openwall.com/lists/oss-security/2020/09/01/2
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2020/09/01/2
11
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2021.html
fixed_packages
0
url pkg:pypi/django@2.2.16
purl pkg:pypi/django@2.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-fhp8-tck4-mye4
7
vulnerability VCID-fksk-pr23-2yd8
8
vulnerability VCID-j81e-su1y-tqa6
9
vulnerability VCID-n9vn-4uxr-hkau
10
vulnerability VCID-nss9-1yrb-x7f2
11
vulnerability VCID-q8r2-m9s6-rbek
12
vulnerability VCID-u9q1-63gf-7feh
13
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.16
1
url pkg:pypi/django@3.0.10
purl pkg:pypi/django@3.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-fhp8-tck4-mye4
2
vulnerability VCID-q8r2-m9s6-rbek
3
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10
2
url pkg:pypi/django@3.1.1
purl pkg:pypi/django@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-fhp8-tck4-mye4
3
vulnerability VCID-j81e-su1y-tqa6
4
vulnerability VCID-n9vn-4uxr-hkau
5
vulnerability VCID-q8r2-m9s6-rbek
6
vulnerability VCID-u9q1-63gf-7feh
7
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1
aliases CVE-2020-24584, GHSA-fr28-569j-53c4, PYSEC-2020-34
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hh9b-52xn-z7a9
9
url VCID-j81e-su1y-tqa6
vulnerability_id VCID-j81e-su1y-tqa6
summary In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-rxjp-mfm9-w4wr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-rxjp-mfm9-w4wr
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
5
reference_url https://www.djangoproject.com/weblog/2021/may/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/may/04/security-releases/
6
reference_url http://www.openwall.com/lists/oss-security/2021/05/04/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/04/3
fixed_packages
0
url pkg:pypi/django@2.2.21
purl pkg:pypi/django@2.2.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-fksk-pr23-2yd8
7
vulnerability VCID-n9vn-4uxr-hkau
8
vulnerability VCID-nss9-1yrb-x7f2
9
vulnerability VCID-u9q1-63gf-7feh
10
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.21
1
url pkg:pypi/django@3.1.9
purl pkg:pypi/django@3.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-n9vn-4uxr-hkau
3
vulnerability VCID-u9q1-63gf-7feh
4
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.9
2
url pkg:pypi/django@3.2.1
purl pkg:pypi/django@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-am3f-c5ex-8ff2
9
vulnerability VCID-attf-6gj8-ebaj
10
vulnerability VCID-au8h-vj9k-pufv
11
vulnerability VCID-drwp-htkk-bkfh
12
vulnerability VCID-f4a7-tcz5-byfj
13
vulnerability VCID-fksk-pr23-2yd8
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-m1dr-sjmw-jfd2
16
vulnerability VCID-m33h-4p9q-63fb
17
vulnerability VCID-n9vn-4uxr-hkau
18
vulnerability VCID-nss9-1yrb-x7f2
19
vulnerability VCID-qgp1-4efd-6yg6
20
vulnerability VCID-u9q1-63gf-7feh
21
vulnerability VCID-yuda-1mur-8bbq
22
vulnerability VCID-z4x1-e7tp-rqhz
23
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.1
aliases CVE-2021-31542, GHSA-rxjp-mfm9-w4wr, PYSEC-2021-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j81e-su1y-tqa6
10
url VCID-n9vn-4uxr-hkau
vulnerability_id VCID-n9vn-4uxr-hkau
summary In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security
1
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
2
reference_url https://github.com/advisories/GHSA-v6rh-hp5x-86rv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-v6rh-hp5x-86rv
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6
reference_id
reference_type
scores
url https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml
6
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
8
reference_url https://security.netapp.com/advisory/ntap-20211229-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20211229-0006
9
reference_url https://www.djangoproject.com/weblog/2021/dec/07/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/dec/07/security-releases
10
reference_url https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
11
reference_url https://www.openwall.com/lists/oss-security/2021/12/07/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2021/12/07/1
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44420
reference_id CVE-2021-44420
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-44420
fixed_packages
0
url pkg:pypi/django@2.2.25
purl pkg:pypi/django@2.2.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.25
1
url pkg:pypi/django@3.1.14
purl pkg:pypi/django@3.1.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.14
2
url pkg:pypi/django@3.2.10
purl pkg:pypi/django@3.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-51tx-4tp9-kbcz
4
vulnerability VCID-6jpg-yrf8-cufy
5
vulnerability VCID-9end-mq19-rke5
6
vulnerability VCID-am3f-c5ex-8ff2
7
vulnerability VCID-attf-6gj8-ebaj
8
vulnerability VCID-au8h-vj9k-pufv
9
vulnerability VCID-drwp-htkk-bkfh
10
vulnerability VCID-f4a7-tcz5-byfj
11
vulnerability VCID-fksk-pr23-2yd8
12
vulnerability VCID-fsaw-3ta1-x3dw
13
vulnerability VCID-m1dr-sjmw-jfd2
14
vulnerability VCID-m33h-4p9q-63fb
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-qgp1-4efd-6yg6
17
vulnerability VCID-yuda-1mur-8bbq
18
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10
aliases CVE-2021-44420, GHSA-v6rh-hp5x-86rv, PYSEC-2021-439
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9vn-4uxr-hkau
11
url VCID-nss9-1yrb-x7f2
vulnerability_id VCID-nss9-1yrb-x7f2
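summary SQL injection in Django (CVE-2022-28346, GHSA-2gwj-7jmv-h26r, PYSEC-2022-190). This record lists 2.2.28, 3.2.13 and 4.0.4 as the fixed packages.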
references
0
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
2
reference_url https://github.com/advisories/GHSA-2gwj-7jmv-h26r
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2gwj-7jmv-h26r
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48
reference_id
reference_type
scores
url https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48
5
reference_url https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d
reference_id
reference_type
scores
url https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d
6
reference_url https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60
reference_id
reference_type
scores
url https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60
7
reference_url https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200
reference_id
reference_type
scores
url https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
13
reference_url https://security.netapp.com/advisory/ntap-20220609-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220609-0002
14
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5254
15
reference_url https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/apr/11/security-releases
16
reference_url https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
17
reference_url http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2022/04/11/1
18
reference_url https://security.archlinux.org/ASA-202204-9
reference_id ASA-202204-9
reference_type
scores
url https://security.archlinux.org/ASA-202204-9
19
reference_url https://security.archlinux.org/AVG-2667
reference_id AVG-2667
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2667
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28346
reference_id CVE-2022-28346
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-28346
fixed_packages
0
url pkg:pypi/django@2.2.28
purl pkg:pypi/django@2.2.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.28
1
url pkg:pypi/django@3.2.13
purl pkg:pypi/django@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-am3f-c5ex-8ff2
4
vulnerability VCID-au8h-vj9k-pufv
5
vulnerability VCID-f4a7-tcz5-byfj
6
vulnerability VCID-fsaw-3ta1-x3dw
7
vulnerability VCID-m1dr-sjmw-jfd2
8
vulnerability VCID-m33h-4p9q-63fb
9
vulnerability VCID-qgp1-4efd-6yg6
10
vulnerability VCID-yuda-1mur-8bbq
11
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13
2
url pkg:pypi/django@4.0.4
purl pkg:pypi/django@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4z4e-8ttu-tyd6
3
vulnerability VCID-au8h-vj9k-pufv
4
vulnerability VCID-f4a7-tcz5-byfj
5
vulnerability VCID-m1dr-sjmw-jfd2
6
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4
aliases CVE-2022-28346, GHSA-2gwj-7jmv-h26r, PYSEC-2022-190
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nss9-1yrb-x7f2
12
url VCID-q8r2-m9s6-rbek
vulnerability_id VCID-q8r2-m9s6-rbek
summary In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
references
0
reference_url https://docs.djangoproject.com/en/3.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.1/releases/security/
1
reference_url https://github.com/advisories/GHSA-fvgf-6h6h-3322
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-fvgf-6h6h-3322
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/
4
reference_url https://security.netapp.com/advisory/ntap-20210226-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210226-0004/
5
reference_url https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
fixed_packages
0
url pkg:pypi/django@2.2.18
purl pkg:pypi/django@2.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-fhp8-tck4-mye4
7
vulnerability VCID-fksk-pr23-2yd8
8
vulnerability VCID-j81e-su1y-tqa6
9
vulnerability VCID-n9vn-4uxr-hkau
10
vulnerability VCID-nss9-1yrb-x7f2
11
vulnerability VCID-u9q1-63gf-7feh
12
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.18
1
url pkg:pypi/django@3.0.12
purl pkg:pypi/django@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-fhp8-tck4-mye4
2
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.12
2
url pkg:pypi/django@3.1.6
purl pkg:pypi/django@3.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-fhp8-tck4-mye4
3
vulnerability VCID-j81e-su1y-tqa6
4
vulnerability VCID-n9vn-4uxr-hkau
5
vulnerability VCID-u9q1-63gf-7feh
6
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.6
aliases CVE-2021-3281, GHSA-fvgf-6h6h-3322, PYSEC-2021-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8r2-m9s6-rbek
13
url VCID-qvfs-2v1h-p3h4
vulnerability_id VCID-qvfs-2v1h-p3h4
summary An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://github.com/advisories/GHSA-m6gj-h9gm-gw44
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-m6gj-h9gm-gw44
2
reference_url https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
3
reference_url https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
7
reference_url https://security.netapp.com/advisory/ntap-20200918-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200918-0004/
8
reference_url https://usn.ubuntu.com/4479-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4479-1/
9
reference_url https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
10
reference_url https://www.openwall.com/lists/oss-security/2020/09/01/2
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2020/09/01/2
11
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2021.html
fixed_packages
0
url pkg:pypi/django@2.2.16
purl pkg:pypi/django@2.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-fhp8-tck4-mye4
7
vulnerability VCID-fksk-pr23-2yd8
8
vulnerability VCID-j81e-su1y-tqa6
9
vulnerability VCID-n9vn-4uxr-hkau
10
vulnerability VCID-nss9-1yrb-x7f2
11
vulnerability VCID-q8r2-m9s6-rbek
12
vulnerability VCID-u9q1-63gf-7feh
13
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.16
1
url pkg:pypi/django@3.0.10
purl pkg:pypi/django@3.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-fhp8-tck4-mye4
2
vulnerability VCID-q8r2-m9s6-rbek
3
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10
2
url pkg:pypi/django@3.1.1
purl pkg:pypi/django@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-fhp8-tck4-mye4
3
vulnerability VCID-j81e-su1y-tqa6
4
vulnerability VCID-n9vn-4uxr-hkau
5
vulnerability VCID-q8r2-m9s6-rbek
6
vulnerability VCID-u9q1-63gf-7feh
7
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1
aliases CVE-2020-24583, GHSA-m6gj-h9gm-gw44, PYSEC-2020-33
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvfs-2v1h-p3h4
14
url VCID-u9q1-63gf-7feh
vulnerability_id VCID-u9q1-63gf-7feh
summary In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-qm57-vhq3-3fwf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-qm57-vhq3-3fwf
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
4
reference_url https://www.djangoproject.com/weblog/2021/may/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/may/06/security-releases/
5
reference_url http://www.openwall.com/lists/oss-security/2021/05/06/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/06/1
fixed_packages
0
url pkg:pypi/django@2.2.22
purl pkg:pypi/django@2.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-fksk-pr23-2yd8
7
vulnerability VCID-n9vn-4uxr-hkau
8
vulnerability VCID-nss9-1yrb-x7f2
9
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.22
1
url pkg:pypi/django@3.1.10
purl pkg:pypi/django@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-n9vn-4uxr-hkau
3
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.10
2
url pkg:pypi/django@3.2.2
purl pkg:pypi/django@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-am3f-c5ex-8ff2
9
vulnerability VCID-attf-6gj8-ebaj
10
vulnerability VCID-au8h-vj9k-pufv
11
vulnerability VCID-drwp-htkk-bkfh
12
vulnerability VCID-f4a7-tcz5-byfj
13
vulnerability VCID-fksk-pr23-2yd8
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-m1dr-sjmw-jfd2
16
vulnerability VCID-m33h-4p9q-63fb
17
vulnerability VCID-n9vn-4uxr-hkau
18
vulnerability VCID-nss9-1yrb-x7f2
19
vulnerability VCID-qgp1-4efd-6yg6
20
vulnerability VCID-yuda-1mur-8bbq
21
vulnerability VCID-z4x1-e7tp-rqhz
22
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.2
aliases CVE-2021-32052, GHSA-qm57-vhq3-3fwf, PYSEC-2021-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9q1-63gf-7feh
15
url VCID-z4x1-e7tp-rqhz
vulnerability_id VCID-z4x1-e7tp-rqhz
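summary multiple issues (this record carries no description; it is identified by the aliases CVE-2021-33571, GHSA-p99v-5w3c-jqq9 and PYSEC-2021-99 listed at the end of this entry, and the references below link to the advisory text)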
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-p99v-5w3c-jqq9
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p99v-5w3c-jqq9
2
reference_url https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33571, GHSA-p99v-5w3c-jqq9, PYSEC-2021-99
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4x1-e7tp-rqhz
Fixing_vulnerabilities
0
url VCID-4cp2-k4mn-8ffj
vulnerability_id VCID-4cp2-k4mn-8ffj
summary An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
references
0
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
1
reference_url https://github.com/advisories/GHSA-2m34-jcjv-45xf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2m34-jcjv-45xf
2
reference_url https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
4
reference_url https://security.netapp.com/advisory/ntap-20200611-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200611-0002/
5
reference_url https://usn.ubuntu.com/4381-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-1/
6
reference_url https://usn.ubuntu.com/4381-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-2/
7
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4705
8
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
9
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2021.html
fixed_packages
0
url pkg:pypi/django@2.2.13
purl pkg:pypi/django@2.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-fhp8-tck4-mye4
7
vulnerability VCID-fksk-pr23-2yd8
8
vulnerability VCID-hh9b-52xn-z7a9
9
vulnerability VCID-j81e-su1y-tqa6
10
vulnerability VCID-n9vn-4uxr-hkau
11
vulnerability VCID-nss9-1yrb-x7f2
12
vulnerability VCID-q8r2-m9s6-rbek
13
vulnerability VCID-qvfs-2v1h-p3h4
14
vulnerability VCID-u9q1-63gf-7feh
15
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.13
1
url pkg:pypi/django@3.0.7
purl pkg:pypi/django@3.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-fhp8-tck4-mye4
2
vulnerability VCID-hh9b-52xn-z7a9
3
vulnerability VCID-q8r2-m9s6-rbek
4
vulnerability VCID-qvfs-2v1h-p3h4
5
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.7
aliases CVE-2020-13596, GHSA-2m34-jcjv-45xf, PYSEC-2020-32
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cp2-k4mn-8ffj
1
url VCID-na9w-xkvx-cbhd
vulnerability_id VCID-na9w-xkvx-cbhd
summary An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
references
0
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
1
reference_url https://github.com/advisories/GHSA-wpjr-j57x-wxfw
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-wpjr-j57x-wxfw
2
reference_url https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
reference_id
reference_type
scores
url https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
3
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
5
reference_url https://security.netapp.com/advisory/ntap-20200611-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200611-0002/
6
reference_url https://usn.ubuntu.com/4381-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-1/
7
reference_url https://usn.ubuntu.com/4381-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-2/
8
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4705
9
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
10
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2021.html
fixed_packages
0
url pkg:pypi/django@2.2.13
purl pkg:pypi/django@2.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-attf-6gj8-ebaj
5
vulnerability VCID-drwp-htkk-bkfh
6
vulnerability VCID-fhp8-tck4-mye4
7
vulnerability VCID-fksk-pr23-2yd8
8
vulnerability VCID-hh9b-52xn-z7a9
9
vulnerability VCID-j81e-su1y-tqa6
10
vulnerability VCID-n9vn-4uxr-hkau
11
vulnerability VCID-nss9-1yrb-x7f2
12
vulnerability VCID-q8r2-m9s6-rbek
13
vulnerability VCID-qvfs-2v1h-p3h4
14
vulnerability VCID-u9q1-63gf-7feh
15
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.13
1
url pkg:pypi/django@3.0.7
purl pkg:pypi/django@3.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-fhp8-tck4-mye4
2
vulnerability VCID-hh9b-52xn-z7a9
3
vulnerability VCID-q8r2-m9s6-rbek
4
vulnerability VCID-qvfs-2v1h-p3h4
5
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.7
aliases CVE-2020-13254, GHSA-wpjr-j57x-wxfw, PYSEC-2020-31
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-na9w-xkvx-cbhd
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.13