Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/22489?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/22489?format=api", "purl": "pkg:pypi/django@2.1a1", "type": "pypi", "namespace": "", "name": "django", "version": "2.1a1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.1.6", "latest_non_vulnerable_version": "6.0.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=api", "vulnerability_id": "VCID-9mpt-zxaw-kkeg", "summary": "multiple issues", "references": [ { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.2/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-68w8-qjq3-2gfm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-68w8-qjq3-2gfm" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/" }, { "reference_url": "https://security.archlinux.org/ASA-202106-41", "reference_id": "ASA-202106-41", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-41" }, { "reference_url": "https://security.archlinux.org/AVG-2026", "reference_id": "AVG-2026", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2026" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22501?format=api", "purl": "pkg:pypi/django@2.2.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-51tx-4tp9-kbcz" }, { "vulnerability": "VCID-6jpg-yrf8-cufy" }, { "vulnerability": "VCID-9end-mq19-rke5" }, { "vulnerability": "VCID-attf-6gj8-ebaj" }, { "vulnerability": "VCID-drwp-htkk-bkfh" }, { "vulnerability": "VCID-fksk-pr23-2yd8" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" }, { "vulnerability": "VCID-nss9-1yrb-x7f2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/22502?format=api", "purl": "pkg:pypi/django@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/22503?format=api", "purl": "pkg:pypi/django@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29qk-rv5n-efbm" }, { "vulnerability": "VCID-2n2n-1fq2-7bbs" }, { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-4z4e-8ttu-tyd6" }, { "vulnerability": "VCID-51tx-4tp9-kbcz" }, { "vulnerability": "VCID-6jpg-yrf8-cufy" }, { "vulnerability": "VCID-9end-mq19-rke5" }, { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-attf-6gj8-ebaj" }, { "vulnerability": "VCID-au8h-vj9k-pufv" }, { "vulnerability": "VCID-drwp-htkk-bkfh" }, { "vulnerability": "VCID-f4a7-tcz5-byfj" }, { "vulnerability": "VCID-fksk-pr23-2yd8" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-m1dr-sjmw-jfd2" }, { "vulnerability": "VCID-m33h-4p9q-63fb" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" }, { "vulnerability": "VCID-nss9-1yrb-x7f2" }, { "vulnerability": "VCID-qgp1-4efd-6yg6" }, { "vulnerability": "VCID-yuda-1mur-8bbq" }, { "vulnerability": "VCID-z6tf-z1y9-cydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4" } ], "aliases": [ "CVE-2021-33203", "GHSA-68w8-qjq3-2gfm", "PYSEC-2021-98" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35305?format=api", "vulnerability_id": "VCID-f1br-hvnm-wfdg", "summary": "In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-337x-4q8g-prc5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-337x-4q8g-prc5" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/" }, { "reference_url": "https://usn.ubuntu.com/3851-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3851-1" }, { "reference_url": "https://usn.ubuntu.com/3851-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3851-1/" }, { "reference_url": "https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4363" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/106453", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106453" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3498", "reference_id": "CVE-2019-3498", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3498" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12707?format=api", "purl": "pkg:pypi/django@2.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mfy-uj9u-d7de" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-c3m7-fu62-2qd9" }, { "vulnerability": "VCID-g44a-m54u-97cr" }, { "vulnerability": "VCID-gfar-wbzc-3ubr" }, { "vulnerability": "VCID-kbab-v2gz-dfe6" }, { "vulnerability": "VCID-pgtx-cdua-kfb4" }, { "vulnerability": "VCID-t952-ghnf-jkby" }, { "vulnerability": "VCID-yreb-z7nz-jkbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5" } ], "aliases": [ "CVE-2019-3498", "GHSA-337x-4q8g-prc5", "PYSEC-2019-17" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1br-hvnm-wfdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35364?format=api", "vulnerability_id": "VCID-kbab-v2gz-dfe6", "summary": "An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/1.11.21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/1.11.21" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/1.11.21/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/1.11.21/" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.1.9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/2.1.9" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.1.9/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/2.1.9/" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.2.2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/2.2.2" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.2.2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/2.2.2/" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-7rp2-fm2h-wchj", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7rp2-fm2h-wchj" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62" }, { "reference_url": "https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673" }, { "reference_url": "https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Jul/10" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://usn.ubuntu.com/4043-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4043-1" }, { "reference_url": "https://usn.ubuntu.com/4043-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4043-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4476" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { "reference_url": "http://www.securityfocus.com/bid/108559", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/108559" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12308", "reference_id": "CVE-2019-12308", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12308" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13468?format=api", "purl": "pkg:pypi/django@2.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mfy-uj9u-d7de" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-c3m7-fu62-2qd9" }, { "vulnerability": "VCID-g44a-m54u-97cr" }, { "vulnerability": "VCID-gfar-wbzc-3ubr" }, { "vulnerability": "VCID-pgtx-cdua-kfb4" }, { "vulnerability": "VCID-yreb-z7nz-jkbs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13470?format=api", "purl": "pkg:pypi/django@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mfy-uj9u-d7de" }, { "vulnerability": "VCID-4cp2-k4mn-8ffj" }, { "vulnerability": "VCID-51tx-4tp9-kbcz" }, { "vulnerability": "VCID-5q58-pzt4-8uey" }, { "vulnerability": "VCID-6jpg-yrf8-cufy" }, { "vulnerability": "VCID-9end-mq19-rke5" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-attf-6gj8-ebaj" }, { "vulnerability": "VCID-c3m7-fu62-2qd9" }, { "vulnerability": "VCID-drwp-htkk-bkfh" }, { "vulnerability": "VCID-fhp8-tck4-mye4" }, { "vulnerability": "VCID-fksk-pr23-2yd8" }, { "vulnerability": "VCID-g44a-m54u-97cr" }, { "vulnerability": "VCID-gfar-wbzc-3ubr" }, { "vulnerability": "VCID-hh9b-52xn-z7a9" }, { "vulnerability": "VCID-j81e-su1y-tqa6" }, { "vulnerability": "VCID-m4wa-xv9b-q7ce" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" }, { "vulnerability": "VCID-na9w-xkvx-cbhd" }, { "vulnerability": "VCID-nss9-1yrb-x7f2" }, { "vulnerability": "VCID-pgtx-cdua-kfb4" }, { "vulnerability": "VCID-q8r2-m9s6-rbek" }, { "vulnerability": "VCID-qvfs-2v1h-p3h4" }, { "vulnerability": "VCID-u9q1-63gf-7feh" }, { "vulnerability": "VCID-vdpf-jddk-syda" }, { "vulnerability": "VCID-yreb-z7nz-jkbs" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2" } ], "aliases": [ "CVE-2019-12308", "GHSA-7rp2-fm2h-wchj", "PYSEC-2019-79" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbab-v2gz-dfe6" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1a1" }