Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@3.2.12

Type pypi

Namespace

Name django

Version 3.2.12

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.2.25

Latest_non_vulnerable_version 6.0.5

Affected_by_vulnerabilities

url VCID-5k3f-9smv-8bev

vulnerability_id VCID-5k3f-9smv-8bev

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41323

reference_id

reference_type

scores

value	0.09673
scoring_system	epss
scoring_elements	0.93036
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41323

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1
reference_id
reference_type
scores
url	https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1

reference_url	https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
reference_id
reference_type
scores
url	https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924

reference_url	https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-304.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-304.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP

reference_url	https://security.netapp.com/advisory/ntap-20221124-0001
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221124-0001

reference_url	https://www.djangoproject.com/weblog/2022/oct/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/oct/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/oct/04/security-releases/

reference_url

https://security.archlinux.org/AVG-2809

reference_id

AVG-2809

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2809

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-41323
reference_id	CVE-2022-41323
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-41323

reference_url

https://github.com/advisories/GHSA-qrw5-5h28-6cmg

reference_id

GHSA-qrw5-5h28-6cmg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qrw5-5h28-6cmg

fixed_packages

url pkg:pypi/django@3.2.16

purl pkg:pypi/django@3.2.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-rn9d-fd73-3kb9

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.16

url pkg:pypi/django@4.0.8

purl pkg:pypi/django@4.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.8

url pkg:pypi/django@4.1.2

purl pkg:pypi/django@4.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.2

aliases CVE-2022-41323, GHSA-qrw5-5h28-6cmg, PYSEC-2022-304

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5k3f-9smv-8bev

url VCID-6bct-bfhb-xugt

vulnerability_id VCID-6bct-bfhb-xugt

summary sql injection

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34265

reference_id

reference_type

scores

value	0.92834
scoring_system	epss
scoring_elements	0.99772
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34265

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url

https://github.com/advisories/GHSA-p64x-8rxx-wf6q

reference_id

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p64x-8rxx-wf6q

reference_url	https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492
reference_id
reference_type
scores
url	https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492

reference_url	https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db
reference_id
reference_type
scores
url	https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db

reference_url	https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9

reference_url	https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e
reference_id
reference_type
scores
url	https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://security.netapp.com/advisory/ntap-20220818-0006
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220818-0006

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/jul/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jul/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jul/04/security-releases/

reference_url

https://security.archlinux.org/AVG-2788

reference_id

AVG-2788

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2788

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-34265
reference_id	CVE-2022-34265
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-34265

fixed_packages

url pkg:pypi/django@3.2.14

purl pkg:pypi/django@3.2.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.14

url pkg:pypi/django@4.0.6

purl pkg:pypi/django@4.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.6

aliases CVE-2022-34265, GHSA-p64x-8rxx-wf6q, PYSEC-2022-213

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6bct-bfhb-xugt

url VCID-7u6e-a3ng-fude

vulnerability_id VCID-7u6e-a3ng-fude

summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-43665

reference_id

reference_type

scores

value	0.0279
scoring_system	epss
scoring_elements	0.86341
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-43665

reference_url	https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
reference_id
reference_type
scores
url	https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473

reference_url	https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8

reference_url	https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
reference_id
reference_type
scores
url	https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://security.netapp.com/advisory/ntap-20231221-0001
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20231221-0001

reference_url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-43665
reference_id	CVE-2023-43665
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-43665

reference_url	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
reference_id	GHSA-h8gc-pgj2-vjm3
reference_type
scores
url	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3

fixed_packages

url pkg:pypi/django@3.2.22

purl pkg:pypi/django@3.2.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.22

url pkg:pypi/django@4.1.12

purl pkg:pypi/django@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e2p6-m8gu-jbfu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.12

url pkg:pypi/django@4.2.6

purl pkg:pypi/django@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-5fbx-3yfb-fudx

vulnerability	VCID-62jv-ab6d-sqdb

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-92bp-6kte-tyfs

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-cbsj-1qqg-1ba6

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-enen-3w2h-g3b8

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jma1-9ags-xbfm

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vm2w-caad-nyd3

vulnerability	VCID-vpgq-jhzc-j7h2

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6

aliases CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7u6e-a3ng-fude

url VCID-bjn5-qpmt-qffx

vulnerability_id VCID-bjn5-qpmt-qffx

summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27351

reference_id

reference_type

scores

value	0.02611
scoring_system	epss
scoring_elements	0.85903
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27351

reference_url	https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security

reference_url	https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
url	https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521

reference_url	https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
url	https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e

reference_url	https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2024/03/04/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id	CVE-2024-27351
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-27351

reference_url

https://github.com/advisories/GHSA-vm8q-m57g-pff3

reference_id

GHSA-vm8q-m57g-pff3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vm8q-m57g-pff3

fixed_packages

url	pkg:pypi/django@3.2.25
purl	pkg:pypi/django@3.2.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.25

url pkg:pypi/django@4.2.11

purl pkg:pypi/django@4.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-5fbx-3yfb-fudx

vulnerability	VCID-62jv-ab6d-sqdb

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-92bp-6kte-tyfs

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-cbsj-1qqg-1ba6

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-enen-3w2h-g3b8

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jma1-9ags-xbfm

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vm2w-caad-nyd3

vulnerability	VCID-vpgq-jhzc-j7h2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11

url pkg:pypi/django@5.0.3

purl pkg:pypi/django@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-vm2w-caad-nyd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3

aliases CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjn5-qpmt-qffx

url VCID-ctk2-ykg7-h7ag

vulnerability_id VCID-ctk2-ykg7-h7ag

summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-41164

reference_id

reference_type

scores

value	0.00406
scoring_system	epss
scoring_elements	0.61354
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-41164

reference_url	https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e

reference_url	https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9

reference_url	https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
reference_id
reference_type
scores
url	https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://security.netapp.com/advisory/ntap-20231214-0002
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20231214-0002

reference_url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-41164
reference_id	CVE-2023-41164
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-41164

reference_url	https://github.com/advisories/GHSA-7h4p-27mh-hmrw
reference_id	GHSA-7h4p-27mh-hmrw
reference_type
scores
url	https://github.com/advisories/GHSA-7h4p-27mh-hmrw

fixed_packages

url pkg:pypi/django@3.2.21

purl pkg:pypi/django@3.2.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.21

url pkg:pypi/django@4.1.11

purl pkg:pypi/django@4.1.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-e2p6-m8gu-jbfu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.11

url pkg:pypi/django@4.2.5

purl pkg:pypi/django@4.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-5fbx-3yfb-fudx

vulnerability	VCID-62jv-ab6d-sqdb

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-92bp-6kte-tyfs

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-cbsj-1qqg-1ba6

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-enen-3w2h-g3b8

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jma1-9ags-xbfm

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vm2w-caad-nyd3

vulnerability	VCID-vpgq-jhzc-j7h2

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5

aliases CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctk2-ykg7-h7ag

url VCID-dcv2-gx5a-pfe2

vulnerability_id VCID-dcv2-gx5a-pfe2

summary sql injection

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28346

reference_id

reference_type

scores

value	0.01971
scoring_system	epss
scoring_elements	0.83836
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28346

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url

https://github.com/advisories/GHSA-2gwj-7jmv-h26r

reference_id

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2gwj-7jmv-h26r

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48

reference_url	https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d

reference_url	https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60
reference_id
reference_type
scores
url	https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60

reference_url	https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200
reference_id
reference_type
scores
url	https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://security.netapp.com/advisory/ntap-20220609-0002
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220609-0002

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2022/04/11/1

reference_url	https://security.archlinux.org/ASA-202204-9
reference_id	ASA-202204-9
reference_type
scores
url	https://security.archlinux.org/ASA-202204-9

reference_url

https://security.archlinux.org/AVG-2667

reference_id

AVG-2667

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2667

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-28346
reference_id	CVE-2022-28346
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-28346

fixed_packages

url pkg:pypi/django@3.2.13

purl pkg:pypi/django@3.2.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-6bct-bfhb-xugt

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13

url pkg:pypi/django@4.0.4

purl pkg:pypi/django@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-6bct-bfhb-xugt

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4

aliases CVE-2022-28346, GHSA-2gwj-7jmv-h26r, PYSEC-2022-190

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dcv2-gx5a-pfe2

url VCID-dqkn-1888-y3er

vulnerability_id VCID-dqkn-1888-y3er

summary sql injection

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28347

reference_id

reference_type

scores

value	0.00668
scoring_system	epss
scoring_elements	0.71619
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28347

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url

https://github.com/advisories/GHSA-w24h-v9qh-8gxj

reference_id

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w24h-v9qh-8gxj

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402
reference_id
reference_type
scores
url	https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402

reference_url	https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5
reference_id
reference_type
scores
url	https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5

reference_url	https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81

reference_url	https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2022/04/11/1

reference_url	https://security.archlinux.org/ASA-202204-9
reference_id	ASA-202204-9
reference_type
scores
url	https://security.archlinux.org/ASA-202204-9

reference_url

https://security.archlinux.org/AVG-2667

reference_id

AVG-2667

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2667

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-28347
reference_id	CVE-2022-28347
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-28347

fixed_packages

url pkg:pypi/django@3.2.13

purl pkg:pypi/django@3.2.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-6bct-bfhb-xugt

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13

url pkg:pypi/django@4.0.4

purl pkg:pypi/django@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-6bct-bfhb-xugt

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4

aliases CVE-2022-28347, GHSA-w24h-v9qh-8gxj, PYSEC-2022-191

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqkn-1888-y3er

url VCID-e2p6-m8gu-jbfu

vulnerability_id VCID-e2p6-m8gu-jbfu

summary An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46695

reference_id

reference_type

scores

value	0.03582
scoring_system	epss
scoring_elements	0.87943
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46695

reference_url	https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
reference_id
reference_type
scores
url	https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f

reference_url	https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
reference_id
reference_type
scores
url	https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e

reference_url	https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
reference_id
reference_type
scores
url	https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20231214-0001
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20231214-0001

reference_url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-46695
reference_id	CVE-2023-46695
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-46695

reference_url	https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
reference_id	GHSA-qmf9-6jqf-j8fq
reference_type
scores
url	https://github.com/advisories/GHSA-qmf9-6jqf-j8fq

fixed_packages

url pkg:pypi/django@3.2.23

purl pkg:pypi/django@3.2.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.23

url	pkg:pypi/django@4.1.13
purl	pkg:pypi/django@4.1.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13

url pkg:pypi/django@4.2.7

purl pkg:pypi/django@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-5fbx-3yfb-fudx

vulnerability	VCID-62jv-ab6d-sqdb

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-92bp-6kte-tyfs

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-cbsj-1qqg-1ba6

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-enen-3w2h-g3b8

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jma1-9ags-xbfm

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vm2w-caad-nyd3

vulnerability	VCID-vpgq-jhzc-j7h2

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7

aliases CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2p6-m8gu-jbfu

url VCID-fwkd-bq8u-9kg8

vulnerability_id VCID-fwkd-bq8u-9kg8

summary An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24580

reference_id

reference_type

scores

value	0.22718
scoring_system	epss
scoring_elements	0.95962
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24580

reference_url	https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.1/releases/security

reference_url	https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.1/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
reference_id
reference_type
scores
url	https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92

reference_url	https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
reference_id
reference_type
scores
url	https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432

reference_url	https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
reference_id
reference_type
scores
url	https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP

reference_url	https://security.netapp.com/advisory/ntap-20230316-0006
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230316-0006

reference_url	https://www.djangoproject.com/weblog/2023/feb/14/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/feb/14/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/feb/14/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2023/02/14/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/02/14/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-24580
reference_id	CVE-2023-24580
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-24580

reference_url	https://github.com/advisories/GHSA-2hrw-hx67-34x6
reference_id	GHSA-2hrw-hx67-34x6
reference_type
scores
url	https://github.com/advisories/GHSA-2hrw-hx67-34x6

fixed_packages

url pkg:pypi/django@3.2.18

purl pkg:pypi/django@3.2.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-rn9d-fd73-3kb9

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.18

url pkg:pypi/django@4.0.10

purl pkg:pypi/django@4.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.10

url pkg:pypi/django@4.1.7

purl pkg:pypi/django@4.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.7

aliases CVE-2023-24580, GHSA-2hrw-hx67-34x6, PYSEC-2023-13

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwkd-bq8u-9kg8

url VCID-kmv2-339j-8ugc

vulnerability_id VCID-kmv2-339j-8ugc

summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-36053

reference_id

reference_type

scores

value	0.09595
scoring_system	epss
scoring_elements	0.93006
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-36053

reference_url	https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
reference_id
reference_type
scores
url	https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582

reference_url	https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
reference_id
reference_type
scores
url	https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd

reference_url	https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9

reference_url	https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://www.debian.org/security/2023/dsa-5465
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5465

reference_url	https://www.djangoproject.com/weblog/2023/jul/03/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/jul/03/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/jul/03/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-36053
reference_id	CVE-2023-36053
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-36053

reference_url	https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
reference_id	GHSA-jh3w-4vvf-mjgr
reference_type
scores
url	https://github.com/advisories/GHSA-jh3w-4vvf-mjgr

fixed_packages

url pkg:pypi/django@3.2.20

purl pkg:pypi/django@3.2.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.20

url pkg:pypi/django@4.1.10

purl pkg:pypi/django@4.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10

url pkg:pypi/django@4.2.3

purl pkg:pypi/django@4.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-5fbx-3yfb-fudx

vulnerability	VCID-62jv-ab6d-sqdb

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-92bp-6kte-tyfs

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-cbsj-1qqg-1ba6

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-enen-3w2h-g3b8

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jma1-9ags-xbfm

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vm2w-caad-nyd3

vulnerability	VCID-vpgq-jhzc-j7h2

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3

aliases CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmv2-339j-8ugc

url VCID-nyy8-t17r-syex

vulnerability_id VCID-nyy8-t17r-syex

summary In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23969

reference_id

reference_type

scores

value	0.06091
scoring_system	epss
scoring_elements	0.90908
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23969

reference_url	https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.1/releases/security

reference_url	https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.1/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
reference_id
reference_type
scores
url	https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95

reference_url	https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942

reference_url	https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://security.netapp.com/advisory/ntap-20230302-0007
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230302-0007

reference_url	https://www.djangoproject.com/weblog/2023/feb/01/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/feb/01/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/feb/01/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-23969
reference_id	CVE-2023-23969
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-23969

reference_url	https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
reference_id	GHSA-q2jf-h9jm-m7p4
reference_type
scores
url	https://github.com/advisories/GHSA-q2jf-h9jm-m7p4

fixed_packages

url pkg:pypi/django@3.2.17

purl pkg:pypi/django@3.2.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-rn9d-fd73-3kb9

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.17

url pkg:pypi/django@4.0.9

purl pkg:pypi/django@4.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.9

url pkg:pypi/django@4.1.6

purl pkg:pypi/django@4.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.6

aliases CVE-2023-23969, GHSA-q2jf-h9jm-m7p4, PYSEC-2023-12

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nyy8-t17r-syex

url VCID-qg2s-fuw3-nbda

vulnerability_id VCID-qg2s-fuw3-nbda

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-36359

reference_id

reference_type

scores

value	0.01374
scoring_system	epss
scoring_elements	0.80552
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-36359

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url

https://github.com/advisories/GHSA-8x94-hmjh-97hq

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8x94-hmjh-97hq

reference_url	https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80
reference_id
reference_type
scores
url	https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80

reference_url	https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3
reference_id
reference_type
scores
url	https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3

reference_url	https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173
reference_id
reference_type
scores
url	https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml

reference_url	https://groups.google.com/g/django-announce/c/8cz--gvaJr4
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce/c/8cz--gvaJr4

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://security.netapp.com/advisory/ntap-20220915-0008
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220915-0008

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/aug/03/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/aug/03/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/aug/03/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/aug/03/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2022/08/03/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2022/08/03/1

reference_url

https://security.archlinux.org/AVG-2810

reference_id

AVG-2810

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2810

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-36359
reference_id	CVE-2022-36359
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-36359

fixed_packages

url pkg:pypi/django@3.2.15

purl pkg:pypi/django@3.2.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-rn9d-fd73-3kb9

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15

url pkg:pypi/django@4.0.7

purl pkg:pypi/django@4.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7

aliases CVE-2022-36359, GHSA-8x94-hmjh-97hq, PYSEC-2022-245

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qg2s-fuw3-nbda

url VCID-rn9d-fd73-3kb9

vulnerability_id VCID-rn9d-fd73-3kb9

summary In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-31047

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32498
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-31047

reference_url	https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
reference_id
reference_type
scores
url	https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd

reference_url	https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
reference_id
reference_type
scores
url	https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64

reference_url	https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
reference_id
reference_type
scores
url	https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD

reference_url	https://security.netapp.com/advisory/ntap-20230609-0008
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230609-0008

reference_url	https://www.djangoproject.com/weblog/2023/may/03/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/may/03/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/may/03/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/may/03/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-31047
reference_id	CVE-2023-31047
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-31047

reference_url	https://github.com/advisories/GHSA-r3xc-prgr-mg9p
reference_id	GHSA-r3xc-prgr-mg9p
reference_type
scores
url	https://github.com/advisories/GHSA-r3xc-prgr-mg9p

fixed_packages

url pkg:pypi/django@3.2.19

purl pkg:pypi/django@3.2.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.19

url pkg:pypi/django@4.1.9

purl pkg:pypi/django@4.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-kmv2-339j-8ugc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.9

url pkg:pypi/django@4.2.1

purl pkg:pypi/django@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-5fbx-3yfb-fudx

vulnerability	VCID-62jv-ab6d-sqdb

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-92bp-6kte-tyfs

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-cbsj-1qqg-1ba6

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-enen-3w2h-g3b8

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jma1-9ags-xbfm

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vm2w-caad-nyd3

vulnerability	VCID-vpgq-jhzc-j7h2

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1

aliases CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn9d-fd73-3kb9

url VCID-x4s4-qav9-xbet

vulnerability_id VCID-x4s4-qav9-xbet

summary An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-24680

reference_id

reference_type

scores

value	0.01394
scoring_system	epss
scoring_elements	0.80693
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-24680

reference_url	https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security

reference_url	https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
reference_id
reference_type
scores
url	https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc

reference_url	https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9

reference_url	https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
reference_id
reference_type
scores
url	https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2

reference_url	https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://www.djangoproject.com/weblog/2024/feb/06/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/feb/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/feb/06/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-24680
reference_id	CVE-2024-24680
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-24680

reference_url

https://github.com/advisories/GHSA-xxj9-f6rv-m3x4

reference_id

GHSA-xxj9-f6rv-m3x4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xxj9-f6rv-m3x4

fixed_packages

url pkg:pypi/django@3.2.24

purl pkg:pypi/django@3.2.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bjn5-qpmt-qffx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24

url pkg:pypi/django@4.2.10

purl pkg:pypi/django@4.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-5fbx-3yfb-fudx

vulnerability	VCID-62jv-ab6d-sqdb

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-92bp-6kte-tyfs

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-cbsj-1qqg-1ba6

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-enen-3w2h-g3b8

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jma1-9ags-xbfm

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vm2w-caad-nyd3

vulnerability	VCID-vpgq-jhzc-j7h2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10

url pkg:pypi/django@5.0.2

purl pkg:pypi/django@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-vm2w-caad-nyd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2

aliases CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4s4-qav9-xbet

Fixing_vulnerabilities

url VCID-2f2p-wfbs-73hz

vulnerability_id VCID-2f2p-wfbs-73hz

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23833

reference_id

reference_type

scores

value	0.0142
scoring_system	epss
scoring_elements	0.80902
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23833

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url

https://github.com/advisories/GHSA-6cw3-g6wv-c2xv

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6cw3-g6wv-c2xv

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a

reference_url	https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468

reference_url	https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220221-0003
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220221-0003

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases/

reference_url

https://security.archlinux.org/AVG-2808

reference_id

AVG-2808

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2808

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-23833
reference_id	CVE-2022-23833
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-23833

fixed_packages

url pkg:pypi/django@2.2.27

purl pkg:pypi/django@2.2.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dcv2-gx5a-pfe2

vulnerability	VCID-dqkn-1888-y3er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27

url pkg:pypi/django@3.2.12

purl pkg:pypi/django@3.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-6bct-bfhb-xugt

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-dcv2-gx5a-pfe2

vulnerability	VCID-dqkn-1888-y3er

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12

url pkg:pypi/django@4.0.2

purl pkg:pypi/django@4.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-6bct-bfhb-xugt

vulnerability	VCID-dcv2-gx5a-pfe2

vulnerability	VCID-dqkn-1888-y3er

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2

aliases CVE-2022-23833, GHSA-6cw3-g6wv-c2xv, PYSEC-2022-20

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2f2p-wfbs-73hz

url VCID-81q1-gytk-2uaq

vulnerability_id VCID-81q1-gytk-2uaq

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22818

reference_id

reference_type

scores

value	0.01009
scoring_system	epss
scoring_elements	0.77387
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22818

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url

https://github.com/advisories/GHSA-95rw-fx8r-36v6

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-95rw-fx8r-36v6

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
reference_id
reference_type
scores
url	https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5

reference_url	https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
reference_id
reference_type
scores
url	https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2

reference_url	https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220221-0003
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220221-0003

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases/

reference_url

https://security.archlinux.org/AVG-2808

reference_id

AVG-2808

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2808

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-22818
reference_id	CVE-2022-22818
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-22818

fixed_packages

url pkg:pypi/django@2.2.27

purl pkg:pypi/django@2.2.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dcv2-gx5a-pfe2

vulnerability	VCID-dqkn-1888-y3er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27

url pkg:pypi/django@3.2.12

purl pkg:pypi/django@3.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-6bct-bfhb-xugt

vulnerability	VCID-7u6e-a3ng-fude

vulnerability	VCID-bjn5-qpmt-qffx

vulnerability	VCID-ctk2-ykg7-h7ag

vulnerability	VCID-dcv2-gx5a-pfe2

vulnerability	VCID-dqkn-1888-y3er

vulnerability	VCID-e2p6-m8gu-jbfu

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

vulnerability	VCID-x4s4-qav9-xbet

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12

url pkg:pypi/django@4.0.2

purl pkg:pypi/django@4.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5k3f-9smv-8bev

vulnerability	VCID-6bct-bfhb-xugt

vulnerability	VCID-dcv2-gx5a-pfe2

vulnerability	VCID-dqkn-1888-y3er

vulnerability	VCID-fwkd-bq8u-9kg8

vulnerability	VCID-kmv2-339j-8ugc

vulnerability	VCID-nyy8-t17r-syex

vulnerability	VCID-qg2s-fuw3-nbda

vulnerability	VCID-rn9d-fd73-3kb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2

aliases CVE-2022-22818, GHSA-95rw-fx8r-36v6, PYSEC-2022-19

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81q1-gytk-2uaq

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12

Package Instance