Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@4.1
Typepypi
Namespace
Namedjango
Version4.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.13
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-5k3f-9smv-8bev
vulnerability_id VCID-5k3f-9smv-8bev
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41323
reference_id
reference_type
scores
0
value 0.09673
scoring_system epss
scoring_elements 0.93036
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41323
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
2
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
3
reference_url https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1
reference_id
reference_type
scores
url https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1
4
reference_url https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
reference_id
reference_type
scores
url https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
5
reference_url https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25
reference_id
reference_type
scores
url https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-304.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-304.yaml
7
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
13
reference_url https://security.netapp.com/advisory/ntap-20221124-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20221124-0001
14
reference_url https://www.djangoproject.com/weblog/2022/oct/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/oct/04/security-releases
15
reference_url https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
16
reference_url https://security.archlinux.org/AVG-2809
reference_id AVG-2809
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2809
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41323
reference_id CVE-2022-41323
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-41323
18
reference_url https://github.com/advisories/GHSA-qrw5-5h28-6cmg
reference_id GHSA-qrw5-5h28-6cmg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrw5-5h28-6cmg
fixed_packages
0
url pkg:pypi/django@4.1.2
purl pkg:pypi/django@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
3
vulnerability VCID-fwkd-bq8u-9kg8
4
vulnerability VCID-kmv2-339j-8ugc
5
vulnerability VCID-nyy8-t17r-syex
6
vulnerability VCID-rn9d-fd73-3kb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.2
aliases CVE-2022-41323, GHSA-qrw5-5h28-6cmg, PYSEC-2022-304
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5k3f-9smv-8bev
1
url VCID-7u6e-a3ng-fude
vulnerability_id VCID-7u6e-a3ng-fude
summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
reference_id
reference_type
scores
0
value 0.0279
scoring_system epss
scoring_elements 0.86341
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
reference_id
reference_type
scores
url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
5
reference_url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
reference_id
reference_type
scores
url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
6
reference_url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
reference_id
reference_type
scores
url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
14
reference_url https://security.netapp.com/advisory/ntap-20231221-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231221-0001
15
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
16
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
reference_id CVE-2023-43665
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
18
reference_url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
reference_id GHSA-h8gc-pgj2-vjm3
reference_type
scores
url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
fixed_packages
0
url pkg:pypi/django@4.1.12
purl pkg:pypi/django@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.12
1
url pkg:pypi/django@4.2.6
purl pkg:pypi/django@4.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-92bp-6kte-tyfs
11
vulnerability VCID-9udu-eqvn-mqbj
12
vulnerability VCID-ape9-66ck-nfez
13
vulnerability VCID-ax7m-uv4s-zkc1
14
vulnerability VCID-bjn5-qpmt-qffx
15
vulnerability VCID-bq5s-uknu-z7cn
16
vulnerability VCID-cbsj-1qqg-1ba6
17
vulnerability VCID-cg44-thdw-cygg
18
vulnerability VCID-chey-b3c1-pbe5
19
vulnerability VCID-e2p6-m8gu-jbfu
20
vulnerability VCID-em3c-ceug-cubp
21
vulnerability VCID-enen-3w2h-g3b8
22
vulnerability VCID-fbee-vj2y-cfeb
23
vulnerability VCID-heum-8mwz-sbcw
24
vulnerability VCID-j2uz-w2ur-7ud4
25
vulnerability VCID-jma1-9ags-xbfm
26
vulnerability VCID-jt9m-kd3k-uqca
27
vulnerability VCID-kv5d-p5n4-r7dp
28
vulnerability VCID-nyc2-p1rp-xkb4
29
vulnerability VCID-q4cv-2m7d-3qd5
30
vulnerability VCID-sz4x-rr8f-a3hf
31
vulnerability VCID-u15a-4ste-43cy
32
vulnerability VCID-vm2w-caad-nyd3
33
vulnerability VCID-vpgq-jhzc-j7h2
34
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6
aliases CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7u6e-a3ng-fude
2
url VCID-ctk2-ykg7-h7ag
vulnerability_id VCID-ctk2-ykg7-h7ag
summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61354
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
reference_id
reference_type
scores
url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
5
reference_url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
reference_id
reference_type
scores
url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
6
reference_url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
reference_id
reference_type
scores
url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
14
reference_url https://security.netapp.com/advisory/ntap-20231214-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0002
15
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
16
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
reference_id CVE-2023-41164
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
18
reference_url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
reference_id GHSA-7h4p-27mh-hmrw
reference_type
scores
url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
fixed_packages
0
url pkg:pypi/django@4.1.11
purl pkg:pypi/django@4.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.11
1
url pkg:pypi/django@4.2.5
purl pkg:pypi/django@4.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-e2p6-m8gu-jbfu
21
vulnerability VCID-em3c-ceug-cubp
22
vulnerability VCID-enen-3w2h-g3b8
23
vulnerability VCID-fbee-vj2y-cfeb
24
vulnerability VCID-heum-8mwz-sbcw
25
vulnerability VCID-j2uz-w2ur-7ud4
26
vulnerability VCID-jma1-9ags-xbfm
27
vulnerability VCID-jt9m-kd3k-uqca
28
vulnerability VCID-kv5d-p5n4-r7dp
29
vulnerability VCID-nyc2-p1rp-xkb4
30
vulnerability VCID-q4cv-2m7d-3qd5
31
vulnerability VCID-sz4x-rr8f-a3hf
32
vulnerability VCID-u15a-4ste-43cy
33
vulnerability VCID-vm2w-caad-nyd3
34
vulnerability VCID-vpgq-jhzc-j7h2
35
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5
aliases CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctk2-ykg7-h7ag
3
url VCID-e2p6-m8gu-jbfu
vulnerability_id VCID-e2p6-m8gu-jbfu
summary An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46695
reference_id
reference_type
scores
0
value 0.03582
scoring_system epss
scoring_elements 0.87943
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46695
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
reference_id
reference_type
scores
url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
5
reference_url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
reference_id
reference_type
scores
url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
6
reference_url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
reference_id
reference_type
scores
url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://security.netapp.com/advisory/ntap-20231214-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0001
11
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
12
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
reference_id CVE-2023-46695
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
14
reference_url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
reference_id GHSA-qmf9-6jqf-j8fq
reference_type
scores
url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
fixed_packages
0
url pkg:pypi/django@4.1.13
purl pkg:pypi/django@4.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13
1
url pkg:pypi/django@4.2.7
purl pkg:pypi/django@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-92bp-6kte-tyfs
11
vulnerability VCID-9udu-eqvn-mqbj
12
vulnerability VCID-ape9-66ck-nfez
13
vulnerability VCID-ax7m-uv4s-zkc1
14
vulnerability VCID-bjn5-qpmt-qffx
15
vulnerability VCID-bq5s-uknu-z7cn
16
vulnerability VCID-cbsj-1qqg-1ba6
17
vulnerability VCID-cg44-thdw-cygg
18
vulnerability VCID-chey-b3c1-pbe5
19
vulnerability VCID-em3c-ceug-cubp
20
vulnerability VCID-enen-3w2h-g3b8
21
vulnerability VCID-fbee-vj2y-cfeb
22
vulnerability VCID-heum-8mwz-sbcw
23
vulnerability VCID-j2uz-w2ur-7ud4
24
vulnerability VCID-jma1-9ags-xbfm
25
vulnerability VCID-jt9m-kd3k-uqca
26
vulnerability VCID-kv5d-p5n4-r7dp
27
vulnerability VCID-nyc2-p1rp-xkb4
28
vulnerability VCID-q4cv-2m7d-3qd5
29
vulnerability VCID-sz4x-rr8f-a3hf
30
vulnerability VCID-u15a-4ste-43cy
31
vulnerability VCID-vm2w-caad-nyd3
32
vulnerability VCID-vpgq-jhzc-j7h2
33
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7
aliases CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2p6-m8gu-jbfu
4
url VCID-fwkd-bq8u-9kg8
vulnerability_id VCID-fwkd-bq8u-9kg8
summary An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24580
reference_id
reference_type
scores
0
value 0.22718
scoring_system epss
scoring_elements 0.95962
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24580
1
reference_url https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security
2
reference_url https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
reference_id
reference_type
scores
url https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
5
reference_url https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
reference_id
reference_type
scores
url https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
6
reference_url https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
reference_id
reference_type
scores
url https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
21
reference_url https://security.netapp.com/advisory/ntap-20230316-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230316-0006
22
reference_url https://www.djangoproject.com/weblog/2023/feb/14/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/14/security-releases
23
reference_url https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
24
reference_url http://www.openwall.com/lists/oss-security/2023/02/14/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/02/14/1
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24580
reference_id CVE-2023-24580
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-24580
26
reference_url https://github.com/advisories/GHSA-2hrw-hx67-34x6
reference_id GHSA-2hrw-hx67-34x6
reference_type
scores
url https://github.com/advisories/GHSA-2hrw-hx67-34x6
fixed_packages
0
url pkg:pypi/django@4.1.7
purl pkg:pypi/django@4.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
3
vulnerability VCID-kmv2-339j-8ugc
4
vulnerability VCID-rn9d-fd73-3kb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.7
aliases CVE-2023-24580, GHSA-2hrw-hx67-34x6, PYSEC-2023-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwkd-bq8u-9kg8
5
url VCID-kmv2-339j-8ugc
vulnerability_id VCID-kmv2-339j-8ugc
summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
reference_id
reference_type
scores
0
value 0.09595
scoring_system epss
scoring_elements 0.93006
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
reference_id
reference_type
scores
url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
5
reference_url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
reference_id
reference_type
scores
url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
6
reference_url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
reference_id
reference_type
scores
url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
7
reference_url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
9
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
10
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
11
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
18
reference_url https://www.debian.org/security/2023/dsa-5465
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5465
19
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
20
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
reference_id CVE-2023-36053
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
22
reference_url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
reference_id GHSA-jh3w-4vvf-mjgr
reference_type
scores
url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
fixed_packages
0
url pkg:pypi/django@4.1.10
purl pkg:pypi/django@4.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10
1
url pkg:pypi/django@4.2.3
purl pkg:pypi/django@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-ctk2-ykg7-h7ag
21
vulnerability VCID-e2p6-m8gu-jbfu
22
vulnerability VCID-em3c-ceug-cubp
23
vulnerability VCID-enen-3w2h-g3b8
24
vulnerability VCID-fbee-vj2y-cfeb
25
vulnerability VCID-heum-8mwz-sbcw
26
vulnerability VCID-j2uz-w2ur-7ud4
27
vulnerability VCID-jma1-9ags-xbfm
28
vulnerability VCID-jt9m-kd3k-uqca
29
vulnerability VCID-kv5d-p5n4-r7dp
30
vulnerability VCID-nyc2-p1rp-xkb4
31
vulnerability VCID-q4cv-2m7d-3qd5
32
vulnerability VCID-sz4x-rr8f-a3hf
33
vulnerability VCID-u15a-4ste-43cy
34
vulnerability VCID-vm2w-caad-nyd3
35
vulnerability VCID-vpgq-jhzc-j7h2
36
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3
aliases CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmv2-339j-8ugc
6
url VCID-nyy8-t17r-syex
vulnerability_id VCID-nyy8-t17r-syex
summary In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23969
reference_id
reference_type
scores
0
value 0.06091
scoring_system epss
scoring_elements 0.90908
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23969
1
reference_url https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security
2
reference_url https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
reference_id
reference_type
scores
url https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
5
reference_url https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
reference_id
reference_type
scores
url https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
6
reference_url https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
reference_id
reference_type
scores
url https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
12
reference_url https://security.netapp.com/advisory/ntap-20230302-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230302-0007
13
reference_url https://www.djangoproject.com/weblog/2023/feb/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/01/security-releases
14
reference_url https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23969
reference_id CVE-2023-23969
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-23969
16
reference_url https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
reference_id GHSA-q2jf-h9jm-m7p4
reference_type
scores
url https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
fixed_packages
0
url pkg:pypi/django@4.1.6
purl pkg:pypi/django@4.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
3
vulnerability VCID-fwkd-bq8u-9kg8
4
vulnerability VCID-kmv2-339j-8ugc
5
vulnerability VCID-rn9d-fd73-3kb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.6
aliases CVE-2023-23969, GHSA-q2jf-h9jm-m7p4, PYSEC-2023-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nyy8-t17r-syex
7
url VCID-rn9d-fd73-3kb9
vulnerability_id VCID-rn9d-fd73-3kb9
summary In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31047
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32498
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31047
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
reference_id
reference_type
scores
url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
5
reference_url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
reference_id
reference_type
scores
url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
6
reference_url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
reference_id
reference_type
scores
url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
12
reference_url https://security.netapp.com/advisory/ntap-20230609-0008
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230609-0008
13
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases
14
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
reference_id CVE-2023-31047
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
16
reference_url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
reference_id GHSA-r3xc-prgr-mg9p
reference_type
scores
url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
fixed_packages
0
url pkg:pypi/django@4.1.9
purl pkg:pypi/django@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
3
vulnerability VCID-kmv2-339j-8ugc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.9
1
url pkg:pypi/django@4.2.1
purl pkg:pypi/django@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-ctk2-ykg7-h7ag
21
vulnerability VCID-e2p6-m8gu-jbfu
22
vulnerability VCID-em3c-ceug-cubp
23
vulnerability VCID-enen-3w2h-g3b8
24
vulnerability VCID-fbee-vj2y-cfeb
25
vulnerability VCID-heum-8mwz-sbcw
26
vulnerability VCID-j2uz-w2ur-7ud4
27
vulnerability VCID-jma1-9ags-xbfm
28
vulnerability VCID-jt9m-kd3k-uqca
29
vulnerability VCID-kmv2-339j-8ugc
30
vulnerability VCID-kv5d-p5n4-r7dp
31
vulnerability VCID-nyc2-p1rp-xkb4
32
vulnerability VCID-q4cv-2m7d-3qd5
33
vulnerability VCID-sz4x-rr8f-a3hf
34
vulnerability VCID-u15a-4ste-43cy
35
vulnerability VCID-vm2w-caad-nyd3
36
vulnerability VCID-vpgq-jhzc-j7h2
37
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1
aliases CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn9d-fd73-3kb9
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1