| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-2dhb-9yue-33h7 |
| vulnerability_id |
VCID-2dhb-9yue-33h7 |
| summary |
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2241 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49081 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49018 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49054 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49082 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49076 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49103 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49086 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49089 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49035 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2241 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.7.6 |
| purl |
pkg:pypi/django@1.7.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 8 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 9 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 12 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 13 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 14 |
| vulnerability |
VCID-msmd-931q-abhe |
|
| 15 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 18 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 19 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 21 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 22 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.6 |
|
| 1 |
| url |
pkg:pypi/django@1.8b2 |
| purl |
pkg:pypi/django@1.8b2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 8 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 11 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 12 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 13 |
| vulnerability |
VCID-khxh-hjmn-fbdq |
|
| 14 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 15 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 18 |
| vulnerability |
VCID-t8d7-68j2-suet |
|
| 19 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 20 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 24 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8b2 |
|
|
| aliases |
CVE-2015-2241, GHSA-6565-fg86-6jcx, PYSEC-2015-8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2dhb-9yue-33h7 |
|
| 1 |
| url |
VCID-2m9f-3cgw-ekdr |
| vulnerability_id |
VCID-2m9f-3cgw-ekdr |
| summary |
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0473 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53149 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53066 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53093 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53117 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53085 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53136 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.5313 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.5318 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53165 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0473 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
http://www.ubuntu.com/usn/USN-2169-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2169-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.3 |
| purl |
pkg:pypi/django@1.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-42cm-j2av-87ea |
|
| 3 |
| vulnerability |
VCID-5g4y-1qmy-27bd |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 11 |
| vulnerability |
VCID-bgjt-c6sa-pfaj |
|
| 12 |
| vulnerability |
VCID-bgmv-mf3x-bkew |
|
| 13 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 14 |
| vulnerability |
VCID-c1n5-4ars-u7ff |
|
| 15 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 16 |
| vulnerability |
VCID-eker-m822-cuax |
|
| 17 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 18 |
| vulnerability |
VCID-jc9f-vgy8-ruan |
|
| 19 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 20 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 21 |
| vulnerability |
VCID-q64b-r7td-2yab |
|
| 22 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 23 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 24 |
| vulnerability |
VCID-spwd-dz6f-5fh9 |
|
| 25 |
| vulnerability |
VCID-t8ec-st1v-s3e5 |
|
| 26 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 27 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 28 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 29 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 30 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3 |
|
|
| aliases |
CVE-2014-0473, GHSA-89hj-xfx5-7q66, PYSEC-2014-2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2m9f-3cgw-ekdr |
|
| 2 |
| url |
VCID-325d-7dfk-sqd2 |
| vulnerability_id |
VCID-325d-7dfk-sqd2 |
| summary |
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2513 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79331 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79333 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79324 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79298 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79312 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79288 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79282 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79342 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0125 |
| scoring_system |
epss |
| scoring_elements |
0.79357 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2513 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2513 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.6 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:H/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
3.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 3 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 4 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2513 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-1 |
|
| 23 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-2 |
|
| 24 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-3 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.10 |
| purl |
pkg:pypi/django@1.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 9 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 10 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 11 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 14 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 15 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 16 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 17 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10 |
|
| 1 |
| url |
pkg:pypi/django@1.9.3 |
| purl |
pkg:pypi/django@1.9.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 9 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 10 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 11 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 12 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 15 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3 |
|
|
| aliases |
CVE-2016-2513, GHSA-fp6p-5xvw-m74f, PYSEC-2016-16
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-325d-7dfk-sqd2 |
|
| 3 |
| url |
VCID-42cm-j2av-87ea |
| vulnerability_id |
VCID-42cm-j2av-87ea |
| summary |
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0480 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68147 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.6818 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68194 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68169 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68154 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68107 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68102 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68125 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68084 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0480 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2014-0480 |
| reference_id |
CVE-2014-0480 |
| reference_type |
|
| scores |
| 0 |
| value |
5.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 2 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2014-0480 |
|
| 64 |
|
| 65 |
|
| 66 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.6 |
| purl |
pkg:pypi/django@1.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-5g4y-1qmy-27bd |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 10 |
| vulnerability |
VCID-bgmv-mf3x-bkew |
|
| 11 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 14 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 15 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 18 |
| vulnerability |
VCID-spwd-dz6f-5fh9 |
|
| 19 |
| vulnerability |
VCID-t8ec-st1v-s3e5 |
|
| 20 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 24 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6 |
|
|
| aliases |
CVE-2014-0480, GHSA-f7cm-ccfp-3q4r, PYSEC-2014-4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-42cm-j2av-87ea |
|
| 4 |
| url |
VCID-5g4y-1qmy-27bd |
| vulnerability_id |
VCID-5g4y-1qmy-27bd |
| summary |
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0222 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05841 |
| scoring_system |
epss |
| scoring_elements |
0.90542 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.05841 |
| scoring_system |
epss |
| scoring_elements |
0.90501 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.05841 |
| scoring_system |
epss |
| scoring_elements |
0.90505 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.05841 |
| scoring_system |
epss |
| scoring_elements |
0.90516 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.05841 |
| scoring_system |
epss |
| scoring_elements |
0.90522 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.05841 |
| scoring_system |
epss |
| scoring_elements |
0.90534 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.05841 |
| scoring_system |
epss |
| scoring_elements |
0.9054 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.05841 |
| scoring_system |
epss |
| scoring_elements |
0.90549 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0222 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.10 |
| purl |
pkg:pypi/django@1.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 12 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 13 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 16 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 20 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10 |
|
| 1 |
| url |
pkg:pypi/django@1.7.3 |
| purl |
pkg:pypi/django@1.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 13 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 14 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 15 |
| vulnerability |
VCID-msmd-931q-abhe |
|
| 16 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 17 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 18 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 19 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 20 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 23 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3 |
|
|
| aliases |
CVE-2015-0222, GHSA-6g95-x6cj-mg4v, PYSEC-2015-7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5g4y-1qmy-27bd |
|
| 5 |
| url |
VCID-6gss-ppm5-3yc9 |
| vulnerability_id |
VCID-6gss-ppm5-3yc9 |
| summary |
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36359 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73852 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73865 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73873 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73828 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73892 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.7387 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73857 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73823 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36359 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.15 |
| purl |
pkg:pypi/django@3.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 3 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 7 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 11 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 14 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15 |
|
| 1 |
| url |
pkg:pypi/django@4.0.7 |
| purl |
pkg:pypi/django@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 7 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 8 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 9 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7 |
|
|
| aliases |
BIT-django-2022-36359, CVE-2022-36359, GHSA-8x94-hmjh-97hq, PYSEC-2022-245
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6gss-ppm5-3yc9 |
|
| 6 |
| url |
VCID-84mm-45p6-xkau |
| vulnerability_id |
VCID-84mm-45p6-xkau |
| summary |
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64458 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05432 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05438 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05452 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.0548 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05424 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05417 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05459 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07235 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64458 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 3 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 4 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 5 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 6 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
CVE-2025-64458, GHSA-qw25-v68c-qjf3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84mm-45p6-xkau |
|
| 7 |
| url |
VCID-896g-hqec-ryb9 |
| vulnerability_id |
VCID-896g-hqec-ryb9 |
| summary |
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61428 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61446 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.6146 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61423 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61377 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61407 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61378 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.22 |
| purl |
pkg:pypi/django@4.2.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.2 |
| purl |
pkg:pypi/django@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2 |
|
|
| aliases |
BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9 |
|
| 8 |
| url |
VCID-8jaq-53td-wbeg |
| vulnerability_id |
VCID-8jaq-53td-wbeg |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19844 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94298 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9433 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94329 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94328 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94289 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94324 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9432 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9431 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94309 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19844 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2020/Jan/9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Jan/9 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://usn.ubuntu.com/4224-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4224-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 9 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 10 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 11 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 12 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 13 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 18 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 19 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 20 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 24 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 25 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 26 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
| 2 |
| url |
pkg:pypi/django@3.0.1 |
| purl |
pkg:pypi/django@3.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-gan1-9gwu-63d2 |
|
| 8 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 9 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 10 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 11 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 14 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 15 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 18 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 19 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1 |
|
|
| aliases |
CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8jaq-53td-wbeg |
|
| 9 |
| url |
VCID-8teq-9xr9-q3fg |
| vulnerability_id |
VCID-8teq-9xr9-q3fg |
| summary |
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7401 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04378 |
| scoring_system |
epss |
| scoring_elements |
0.88978 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.04378 |
| scoring_system |
epss |
| scoring_elements |
0.88922 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.04378 |
| scoring_system |
epss |
| scoring_elements |
0.8893 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.04378 |
| scoring_system |
epss |
| scoring_elements |
0.88947 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.04378 |
| scoring_system |
epss |
| scoring_elements |
0.88949 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.04378 |
| scoring_system |
epss |
| scoring_elements |
0.88968 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.04378 |
| scoring_system |
epss |
| scoring_elements |
0.88973 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.04378 |
| scoring_system |
epss |
| scoring_elements |
0.88985 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.04378 |
| scoring_system |
epss |
| scoring_elements |
0.8898 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7401 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-3089-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3089-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.15 |
| purl |
pkg:pypi/django@1.8.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 8 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 9 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 10 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 11 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 12 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 13 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 14 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 15 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.15 |
|
| 1 |
| url |
pkg:pypi/django@1.9.10 |
| purl |
pkg:pypi/django@1.9.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 8 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 9 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 10 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 11 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.10 |
|
|
| aliases |
CVE-2016-7401, GHSA-crhm-qpjc-cm64, PYSEC-2016-3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8teq-9xr9-q3fg |
|
| 10 |
| url |
VCID-9uzd-mmyv-mfh4 |
| vulnerability_id |
VCID-9uzd-mmyv-mfh4 |
| summary |
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00191 |
| scoring_system |
epss |
| scoring_elements |
0.41087 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68804 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68818 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68795 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68776 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68724 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68747 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68774 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 3 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 4 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 5 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 6 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
CVE-2025-64459, GHSA-frmv-pr5f-9mcr
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| url |
VCID-a715-2qks-wyhn |
| vulnerability_id |
VCID-a715-2qks-wyhn |
| summary |
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5143 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.15813 |
| scoring_system |
epss |
| scoring_elements |
0.9474 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.15813 |
| scoring_system |
epss |
| scoring_elements |
0.94703 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.15813 |
| scoring_system |
epss |
| scoring_elements |
0.94711 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.15813 |
| scoring_system |
epss |
| scoring_elements |
0.94715 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.15813 |
| scoring_system |
epss |
| scoring_elements |
0.94717 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.15813 |
| scoring_system |
epss |
| scoring_elements |
0.94727 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.15813 |
| scoring_system |
epss |
| scoring_elements |
0.94731 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.15813 |
| scoring_system |
epss |
| scoring_elements |
0.94736 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5143 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2671-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2671-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.7.9 |
| purl |
pkg:pypi/django@1.7.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 8 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 11 |
| vulnerability |
VCID-msmd-931q-abhe |
|
| 12 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 13 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 14 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 15 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 18 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9 |
|
| 1 |
| url |
pkg:pypi/django@1.8.3 |
| purl |
pkg:pypi/django@1.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 8 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 9 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 12 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 13 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 14 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 15 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 18 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 19 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 21 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 22 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3 |
|
|
| aliases |
CVE-2015-5143, GHSA-h582-2pch-3xv3, PYSEC-2015-20
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a715-2qks-wyhn |
|
| 12 |
| url |
VCID-bgjt-c6sa-pfaj |
| vulnerability_id |
VCID-bgjt-c6sa-pfaj |
| summary |
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com." |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3730 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00988 |
| scoring_system |
epss |
| scoring_elements |
0.76877 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00988 |
| scoring_system |
epss |
| scoring_elements |
0.76849 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00988 |
| scoring_system |
epss |
| scoring_elements |
0.76794 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00988 |
| scoring_system |
epss |
| scoring_elements |
0.76798 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00988 |
| scoring_system |
epss |
| scoring_elements |
0.76826 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00988 |
| scoring_system |
epss |
| scoring_elements |
0.76838 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00988 |
| scoring_system |
epss |
| scoring_elements |
0.76807 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00988 |
| scoring_system |
epss |
| scoring_elements |
0.76851 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00988 |
| scoring_system |
epss |
| scoring_elements |
0.76857 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3730 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
http://secunia.com/advisories/61281 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://secunia.com/advisories/61281 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
http://ubuntu.com/usn/usn-2212-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://ubuntu.com/usn/usn-2212-1 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.5 |
| purl |
pkg:pypi/django@1.6.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-42cm-j2av-87ea |
|
| 3 |
| vulnerability |
VCID-5g4y-1qmy-27bd |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 11 |
| vulnerability |
VCID-bgmv-mf3x-bkew |
|
| 12 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 13 |
| vulnerability |
VCID-c1n5-4ars-u7ff |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-eker-m822-cuax |
|
| 16 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 17 |
| vulnerability |
VCID-jc9f-vgy8-ruan |
|
| 18 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 19 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 20 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 21 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 22 |
| vulnerability |
VCID-spwd-dz6f-5fh9 |
|
| 23 |
| vulnerability |
VCID-t8ec-st1v-s3e5 |
|
| 24 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 25 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 26 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 27 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 28 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.5 |
|
| 1 |
|
|
| aliases |
CVE-2014-3730, GHSA-vq3h-3q7v-9prw, PYSEC-2014-20
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bgjt-c6sa-pfaj |
|
| 13 |
| url |
VCID-bgmv-mf3x-bkew |
| vulnerability_id |
VCID-bgmv-mf3x-bkew |
| summary |
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0221 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09153 |
| scoring_system |
epss |
| scoring_elements |
0.92686 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.09153 |
| scoring_system |
epss |
| scoring_elements |
0.9268 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.09153 |
| scoring_system |
epss |
| scoring_elements |
0.92675 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.09153 |
| scoring_system |
epss |
| scoring_elements |
0.92665 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.09153 |
| scoring_system |
epss |
| scoring_elements |
0.92652 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.09153 |
| scoring_system |
epss |
| scoring_elements |
0.92685 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.09153 |
| scoring_system |
epss |
| scoring_elements |
0.92684 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.09153 |
| scoring_system |
epss |
| scoring_elements |
0.92659 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0221 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
http://ubuntu.com/usn/usn-2469-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://ubuntu.com/usn/usn-2469-1 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.10 |
| purl |
pkg:pypi/django@1.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 12 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 13 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 16 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 20 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10 |
|
| 1 |
| url |
pkg:pypi/django@1.7.3 |
| purl |
pkg:pypi/django@1.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 13 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 14 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 15 |
| vulnerability |
VCID-msmd-931q-abhe |
|
| 16 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 17 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 18 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 19 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 20 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 23 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3 |
|
|
| aliases |
CVE-2015-0221, GHSA-jhjg-w2cp-5j44, PYSEC-2015-6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bgmv-mf3x-bkew |
|
| 14 |
| url |
VCID-br5x-v7md-47hp |
| vulnerability_id |
VCID-br5x-v7md-47hp |
| summary |
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8213 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03006 |
| scoring_system |
epss |
| scoring_elements |
0.86588 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.03006 |
| scoring_system |
epss |
| scoring_elements |
0.86581 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.03006 |
| scoring_system |
epss |
| scoring_elements |
0.86519 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.03006 |
| scoring_system |
epss |
| scoring_elements |
0.86529 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.03006 |
| scoring_system |
epss |
| scoring_elements |
0.86548 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.03006 |
| scoring_system |
epss |
| scoring_elements |
0.86567 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.03006 |
| scoring_system |
epss |
| scoring_elements |
0.86576 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.03006 |
| scoring_system |
epss |
| scoring_elements |
0.86591 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8213 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
http://www.securityfocus.com/bid/77750 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/77750 |
|
| 21 |
| reference_url |
http://www.securitytracker.com/id/1034237 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securitytracker.com/id/1034237 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2816-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2816-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-8213 |
| reference_id |
CVE-2015-8213 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-8213 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.7.11 |
| purl |
pkg:pypi/django@1.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 9 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 10 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 11 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 14 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.11 |
|
| 1 |
| url |
pkg:pypi/django@1.8.7 |
| purl |
pkg:pypi/django@1.8.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 8 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 9 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 10 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 11 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 12 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 13 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 14 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 15 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 16 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 17 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 18 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 19 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.7 |
|
| 2 |
| url |
pkg:pypi/django@1.9rc2 |
| purl |
pkg:pypi/django@1.9rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 10 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 11 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9rc2 |
|
|
| aliases |
CVE-2015-8213, GHSA-6wcr-wcqm-3mfh, PYSEC-2015-11
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-br5x-v7md-47hp |
|
| 15 |
| url |
VCID-c1n5-4ars-u7ff |
| vulnerability_id |
VCID-c1n5-4ars-u7ff |
| summary |
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0481 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01121 |
| scoring_system |
epss |
| scoring_elements |
0.78246 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01121 |
| scoring_system |
epss |
| scoring_elements |
0.7825 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01121 |
| scoring_system |
epss |
| scoring_elements |
0.78267 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.01121 |
| scoring_system |
epss |
| scoring_elements |
0.78242 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.01121 |
| scoring_system |
epss |
| scoring_elements |
0.78236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01121 |
| scoring_system |
epss |
| scoring_elements |
0.7821 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01121 |
| scoring_system |
epss |
| scoring_elements |
0.78228 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01121 |
| scoring_system |
epss |
| scoring_elements |
0.78198 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.01121 |
| scoring_system |
epss |
| scoring_elements |
0.78189 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0481 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2014-0481 |
| reference_id |
CVE-2014-0481 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2014-0481 |
|
| 63 |
|
| 64 |
|
| 65 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.6 |
| purl |
pkg:pypi/django@1.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-5g4y-1qmy-27bd |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 10 |
| vulnerability |
VCID-bgmv-mf3x-bkew |
|
| 11 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 14 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 15 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 18 |
| vulnerability |
VCID-spwd-dz6f-5fh9 |
|
| 19 |
| vulnerability |
VCID-t8ec-st1v-s3e5 |
|
| 20 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 24 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6 |
|
|
| aliases |
CVE-2014-0481, GHSA-296w-6qhq-gf92, PYSEC-2014-5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c1n5-4ars-u7ff |
|
| 16 |
| url |
VCID-e2jd-yd4j-kqgt |
| vulnerability_id |
VCID-e2jd-yd4j-kqgt |
| summary |
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46361 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.4635 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46331 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46379 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46355 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46299 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46351 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.16 |
| purl |
pkg:pypi/django@4.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 9 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 10 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 11 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 12 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 13 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 14 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 15 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 16 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 17 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 20 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 21 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16 |
|
| 1 |
| url |
pkg:pypi/django@5.0.9 |
| purl |
pkg:pypi/django@5.0.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 5 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 6 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 7 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 8 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 9 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9 |
|
| 2 |
| url |
pkg:pypi/django@5.1.1 |
| purl |
pkg:pypi/django@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 8 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 9 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 10 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 11 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 14 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1 |
|
|
| aliases |
CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt |
|
| 17 |
| url |
VCID-eker-m822-cuax |
| vulnerability_id |
VCID-eker-m822-cuax |
| summary |
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0483 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62486 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62467 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.6245 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62453 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62475 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62402 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62435 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62404 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62346 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0483 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2014-0483 |
| reference_id |
CVE-2014-0483 |
| reference_type |
|
| scores |
| 0 |
| value |
3.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:S/C:P/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2014-0483 |
|
| 66 |
|
| 67 |
|
| 68 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.6 |
| purl |
pkg:pypi/django@1.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-5g4y-1qmy-27bd |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 10 |
| vulnerability |
VCID-bgmv-mf3x-bkew |
|
| 11 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 14 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 15 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 18 |
| vulnerability |
VCID-spwd-dz6f-5fh9 |
|
| 19 |
| vulnerability |
VCID-t8ec-st1v-s3e5 |
|
| 20 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 24 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6 |
|
| 1 |
|
|
| aliases |
CVE-2014-0483, GHSA-rw75-m7gp-92m3, PYSEC-2014-7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eker-m822-cuax |
|
| 18 |
| url |
VCID-gvvs-megy-9fc3 |
| vulnerability_id |
VCID-gvvs-megy-9fc3 |
| summary |
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2316 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0198 |
| scoring_system |
epss |
| scoring_elements |
0.83506 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0198 |
| scoring_system |
epss |
| scoring_elements |
0.83566 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.0198 |
| scoring_system |
epss |
| scoring_elements |
0.83557 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.0198 |
| scoring_system |
epss |
| scoring_elements |
0.83533 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0198 |
| scoring_system |
epss |
| scoring_elements |
0.83532 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0198 |
| scoring_system |
epss |
| scoring_elements |
0.83518 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.0198 |
| scoring_system |
epss |
| scoring_elements |
0.8357 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.0198 |
| scoring_system |
epss |
| scoring_elements |
0.83575 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0198 |
| scoring_system |
epss |
| scoring_elements |
0.83581 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2316 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
http://www.ubuntu.com/usn/USN-2539-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2539-1 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.11 |
| purl |
pkg:pypi/django@1.6.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 14 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 15 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 18 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.11 |
|
| 1 |
| url |
pkg:pypi/django@1.7.7 |
| purl |
pkg:pypi/django@1.7.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 8 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 9 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 12 |
| vulnerability |
VCID-msmd-931q-abhe |
|
| 13 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 16 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 20 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7 |
|
| 2 |
| url |
pkg:pypi/django@1.8c1 |
| purl |
pkg:pypi/django@1.8c1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 8 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 11 |
| vulnerability |
VCID-khxh-hjmn-fbdq |
|
| 12 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 13 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 16 |
| vulnerability |
VCID-t8d7-68j2-suet |
|
| 17 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 18 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 19 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 21 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8c1 |
|
| 3 |
|
|
| aliases |
CVE-2015-2316, GHSA-j3j3-jrfh-cm2w, PYSEC-2015-18
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gvvs-megy-9fc3 |
|
| 19 |
| url |
VCID-jc9f-vgy8-ruan |
| vulnerability_id |
VCID-jc9f-vgy8-ruan |
| summary |
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0482 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00711 |
| scoring_system |
epss |
| scoring_elements |
0.72269 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00711 |
| scoring_system |
epss |
| scoring_elements |
0.72247 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00711 |
| scoring_system |
epss |
| scoring_elements |
0.72234 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00711 |
| scoring_system |
epss |
| scoring_elements |
0.72203 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00711 |
| scoring_system |
epss |
| scoring_elements |
0.72239 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00711 |
| scoring_system |
epss |
| scoring_elements |
0.72253 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00711 |
| scoring_system |
epss |
| scoring_elements |
0.72198 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00711 |
| scoring_system |
epss |
| scoring_elements |
0.72222 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00711 |
| scoring_system |
epss |
| scoring_elements |
0.72197 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0482 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2014-0482 |
| reference_id |
CVE-2014-0482 |
| reference_type |
|
| scores |
| 0 |
| value |
6.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:S/C:P/I:P/A:P |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2014-0482 |
|
| 64 |
|
| 65 |
|
| 66 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.6 |
| purl |
pkg:pypi/django@1.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-5g4y-1qmy-27bd |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 10 |
| vulnerability |
VCID-bgmv-mf3x-bkew |
|
| 11 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 14 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 15 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 18 |
| vulnerability |
VCID-spwd-dz6f-5fh9 |
|
| 19 |
| vulnerability |
VCID-t8ec-st1v-s3e5 |
|
| 20 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 24 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6 |
|
| 1 |
|
|
| aliases |
CVE-2014-0482, GHSA-625g-gx8c-xcmg, PYSEC-2014-6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jc9f-vgy8-ruan |
|
| 20 |
| url |
VCID-jumh-hkhx-7qc9 |
| vulnerability_id |
VCID-jumh-hkhx-7qc9 |
| summary |
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2317 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04282 |
| scoring_system |
epss |
| scoring_elements |
0.88851 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.04282 |
| scoring_system |
epss |
| scoring_elements |
0.88794 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.04282 |
| scoring_system |
epss |
| scoring_elements |
0.88803 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.04282 |
| scoring_system |
epss |
| scoring_elements |
0.88819 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.04282 |
| scoring_system |
epss |
| scoring_elements |
0.88822 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.04282 |
| scoring_system |
epss |
| scoring_elements |
0.88839 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.04282 |
| scoring_system |
epss |
| scoring_elements |
0.88844 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.04282 |
| scoring_system |
epss |
| scoring_elements |
0.88856 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2317 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
http://ubuntu.com/usn/usn-2539-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://ubuntu.com/usn/usn-2539-1 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.11 |
| purl |
pkg:pypi/django@1.6.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 14 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 15 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 18 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.11 |
|
| 1 |
| url |
pkg:pypi/django@1.7.7 |
| purl |
pkg:pypi/django@1.7.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 8 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 9 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 12 |
| vulnerability |
VCID-msmd-931q-abhe |
|
| 13 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 16 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 20 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7 |
|
| 2 |
| url |
pkg:pypi/django@1.8c1 |
| purl |
pkg:pypi/django@1.8c1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 8 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 11 |
| vulnerability |
VCID-khxh-hjmn-fbdq |
|
| 12 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 13 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 16 |
| vulnerability |
VCID-t8d7-68j2-suet |
|
| 17 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 18 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 19 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 21 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8c1 |
|
| 3 |
|
|
| aliases |
CVE-2015-2317, GHSA-7fq8-4pv5-5w5c, PYSEC-2015-9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jumh-hkhx-7qc9 |
|
| 21 |
| url |
VCID-k6s1-gnmc-e3ed |
| vulnerability_id |
VCID-k6s1-gnmc-e3ed |
| summary |
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9014 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86685 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86692 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86695 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86681 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86671 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86652 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86653 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86634 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.03045 |
| scoring_system |
epss |
| scoring_elements |
0.86622 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9014 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
http://www.ubuntu.com/usn/USN-3115-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3115-1 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.16 |
| purl |
pkg:pypi/django@1.8.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 8 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 9 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 10 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 11 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16 |
|
| 1 |
| url |
pkg:pypi/django@1.9.11 |
| purl |
pkg:pypi/django@1.9.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 11 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11 |
|
| 2 |
| url |
pkg:pypi/django@1.10.3 |
| purl |
pkg:pypi/django@1.10.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 9 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 10 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 11 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 12 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3 |
|
|
| aliases |
CVE-2016-9014, GHSA-3f2c-jm6v-cr35, PYSEC-2016-18
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k6s1-gnmc-e3ed |
|
| 22 |
| url |
VCID-q64b-r7td-2yab |
| vulnerability_id |
VCID-q64b-r7td-2yab |
| summary |
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-1418 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00512 |
| scoring_system |
epss |
| scoring_elements |
0.66506 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00512 |
| scoring_system |
epss |
| scoring_elements |
0.66519 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00512 |
| scoring_system |
epss |
| scoring_elements |
0.66499 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00512 |
| scoring_system |
epss |
| scoring_elements |
0.66485 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00512 |
| scoring_system |
epss |
| scoring_elements |
0.66475 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00512 |
| scoring_system |
epss |
| scoring_elements |
0.66437 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00512 |
| scoring_system |
epss |
| scoring_elements |
0.66466 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00512 |
| scoring_system |
epss |
| scoring_elements |
0.66439 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00512 |
| scoring_system |
epss |
| scoring_elements |
0.66401 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-1418 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
9.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
http://ubuntu.com/usn/usn-2212-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
9.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://ubuntu.com/usn/usn-2212-1 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.5 |
| purl |
pkg:pypi/django@1.6.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-42cm-j2av-87ea |
|
| 3 |
| vulnerability |
VCID-5g4y-1qmy-27bd |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 11 |
| vulnerability |
VCID-bgmv-mf3x-bkew |
|
| 12 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 13 |
| vulnerability |
VCID-c1n5-4ars-u7ff |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-eker-m822-cuax |
|
| 16 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 17 |
| vulnerability |
VCID-jc9f-vgy8-ruan |
|
| 18 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 19 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 20 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 21 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 22 |
| vulnerability |
VCID-spwd-dz6f-5fh9 |
|
| 23 |
| vulnerability |
VCID-t8ec-st1v-s3e5 |
|
| 24 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 25 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 26 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 27 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 28 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.5 |
|
| 1 |
|
|
| aliases |
CVE-2014-1418, GHSA-q7q2-qf2q-rw3w, PYSEC-2014-19
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q64b-r7td-2yab |
|
| 23 |
| url |
VCID-qm34-ec8s-tfd7 |
| vulnerability_id |
VCID-qm34-ec8s-tfd7 |
| summary |
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33203 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55629 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55646 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55666 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55657 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55654 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55489 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55603 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55625 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.556 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33203 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.24 |
| purl |
pkg:pypi/django@2.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 7 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 8 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 9 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 10 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 11 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.4 |
| purl |
pkg:pypi/django@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 5 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-gan1-9gwu-63d2 |
|
| 13 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 14 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 15 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 18 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 19 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 20 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 24 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 25 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4 |
|
|
| aliases |
BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qm34-ec8s-tfd7 |
|
| 24 |
| url |
VCID-qzba-9xmg-3qer |
| vulnerability_id |
VCID-qzba-9xmg-3qer |
| summary |
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0472 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06894 |
| scoring_system |
epss |
| scoring_elements |
0.91386 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.06894 |
| scoring_system |
epss |
| scoring_elements |
0.91336 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.06894 |
| scoring_system |
epss |
| scoring_elements |
0.9134 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.06894 |
| scoring_system |
epss |
| scoring_elements |
0.9135 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.06894 |
| scoring_system |
epss |
| scoring_elements |
0.91357 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.06894 |
| scoring_system |
epss |
| scoring_elements |
0.9137 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.06894 |
| scoring_system |
epss |
| scoring_elements |
0.91377 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.06894 |
| scoring_system |
epss |
| scoring_elements |
0.91383 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0472 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
http://www.ubuntu.com/usn/USN-2169-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2169-1 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.3 |
| purl |
pkg:pypi/django@1.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-42cm-j2av-87ea |
|
| 3 |
| vulnerability |
VCID-5g4y-1qmy-27bd |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 11 |
| vulnerability |
VCID-bgjt-c6sa-pfaj |
|
| 12 |
| vulnerability |
VCID-bgmv-mf3x-bkew |
|
| 13 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 14 |
| vulnerability |
VCID-c1n5-4ars-u7ff |
|
| 15 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 16 |
| vulnerability |
VCID-eker-m822-cuax |
|
| 17 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 18 |
| vulnerability |
VCID-jc9f-vgy8-ruan |
|
| 19 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 20 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 21 |
| vulnerability |
VCID-q64b-r7td-2yab |
|
| 22 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 23 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 24 |
| vulnerability |
VCID-spwd-dz6f-5fh9 |
|
| 25 |
| vulnerability |
VCID-t8ec-st1v-s3e5 |
|
| 26 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 27 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 28 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 29 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 30 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3 |
|
|
| aliases |
CVE-2014-0472, GHSA-rvq6-mrpv-m6rm, PYSEC-2014-1
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qzba-9xmg-3qer |
|
| 25 |
| url |
VCID-sbr6-pybe-dubq |
| vulnerability_id |
VCID-sbr6-pybe-dubq |
| summary |
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5144 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02238 |
| scoring_system |
epss |
| scoring_elements |
0.84517 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.02238 |
| scoring_system |
epss |
| scoring_elements |
0.84515 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.02238 |
| scoring_system |
epss |
| scoring_elements |
0.84558 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.02238 |
| scoring_system |
epss |
| scoring_elements |
0.84554 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.02238 |
| scoring_system |
epss |
| scoring_elements |
0.84478 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.02238 |
| scoring_system |
epss |
| scoring_elements |
0.84493 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.02238 |
| scoring_system |
epss |
| scoring_elements |
0.84563 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02238 |
| scoring_system |
epss |
| scoring_elements |
0.84544 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.02238 |
| scoring_system |
epss |
| scoring_elements |
0.84538 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5144 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
http://www.ubuntu.com/usn/USN-2671-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2671-1 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.7.9 |
| purl |
pkg:pypi/django@1.7.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 8 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 11 |
| vulnerability |
VCID-msmd-931q-abhe |
|
| 12 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 13 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 14 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 15 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 18 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9 |
|
| 1 |
| url |
pkg:pypi/django@1.8.3 |
| purl |
pkg:pypi/django@1.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 8 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 9 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 12 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 13 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 14 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 15 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 18 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 19 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 21 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 22 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3 |
|
|
| aliases |
CVE-2015-5144, GHSA-q5qw-4364-5hhm, PYSEC-2015-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sbr6-pybe-dubq |
|
| 26 |
| url |
VCID-spwd-dz6f-5fh9 |
| vulnerability_id |
VCID-spwd-dz6f-5fh9 |
| summary |
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0220 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02549 |
| scoring_system |
epss |
| scoring_elements |
0.85484 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.02549 |
| scoring_system |
epss |
| scoring_elements |
0.8541 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.02549 |
| scoring_system |
epss |
| scoring_elements |
0.85423 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.02549 |
| scoring_system |
epss |
| scoring_elements |
0.85443 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.02549 |
| scoring_system |
epss |
| scoring_elements |
0.85446 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.02549 |
| scoring_system |
epss |
| scoring_elements |
0.85467 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.02549 |
| scoring_system |
epss |
| scoring_elements |
0.85475 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.02549 |
| scoring_system |
epss |
| scoring_elements |
0.85489 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.02549 |
| scoring_system |
epss |
| scoring_elements |
0.85488 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0220 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
| reference_url |
http://ubuntu.com/usn/usn-2469-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://ubuntu.com/usn/usn-2469-1 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.10 |
| purl |
pkg:pypi/django@1.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 12 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 13 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 16 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 20 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10 |
|
| 1 |
| url |
pkg:pypi/django@1.7.3 |
| purl |
pkg:pypi/django@1.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 13 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 14 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 15 |
| vulnerability |
VCID-msmd-931q-abhe |
|
| 16 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 17 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 18 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 19 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 20 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 23 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3 |
|
|
| aliases |
CVE-2015-0220, GHSA-gv98-g628-m9x5, PYSEC-2015-5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-spwd-dz6f-5fh9 |
|
| 27 |
| url |
VCID-t8ec-st1v-s3e5 |
| vulnerability_id |
VCID-t8ec-st1v-s3e5 |
| summary |
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0219 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04836 |
| scoring_system |
epss |
| scoring_elements |
0.89519 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.04836 |
| scoring_system |
epss |
| scoring_elements |
0.89524 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.04836 |
| scoring_system |
epss |
| scoring_elements |
0.89526 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.04836 |
| scoring_system |
epss |
| scoring_elements |
0.89518 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.04836 |
| scoring_system |
epss |
| scoring_elements |
0.89515 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.04836 |
| scoring_system |
epss |
| scoring_elements |
0.89499 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.04836 |
| scoring_system |
epss |
| scoring_elements |
0.89498 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.04836 |
| scoring_system |
epss |
| scoring_elements |
0.89487 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.04836 |
| scoring_system |
epss |
| scoring_elements |
0.89483 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0219 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
http://www.ubuntu.com/usn/USN-2469-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2469-1 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.10 |
| purl |
pkg:pypi/django@1.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 12 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 13 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 16 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 20 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10 |
|
| 1 |
| url |
pkg:pypi/django@1.7.3 |
| purl |
pkg:pypi/django@1.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 9 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 10 |
| vulnerability |
VCID-d7fu-jyta-2ygm |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 13 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 14 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 15 |
| vulnerability |
VCID-msmd-931q-abhe |
|
| 16 |
| vulnerability |
VCID-p543-5y7x-63hd |
|
| 17 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 18 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 19 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 20 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 23 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3 |
|
|
| aliases |
CVE-2015-0219, GHSA-7qfw-j7hp-v45g, PYSEC-2015-4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t8ec-st1v-s3e5 |
|
| 28 |
| url |
VCID-ukxp-wqpr-t3by |
| vulnerability_id |
VCID-ukxp-wqpr-t3by |
| summary |
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2512 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.78945 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.7896 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.78937 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.78931 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.78906 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.78923 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.78895 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.78888 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.78935 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2512 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2512 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
7.4 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 2 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 3 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2512 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-1 |
|
| 23 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-2 |
|
| 24 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-3 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.10 |
| purl |
pkg:pypi/django@1.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 9 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 10 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 11 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 14 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 15 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 16 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 17 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10 |
|
| 1 |
| url |
pkg:pypi/django@1.9.3 |
| purl |
pkg:pypi/django@1.9.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 9 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 10 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 11 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 12 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 15 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3 |
|
|
| aliases |
CVE-2016-2512, GHSA-pw27-w7w4-9qc7, PYSEC-2016-15
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ukxp-wqpr-t3by |
|
| 29 |
| url |
VCID-w2dv-u8h6-sbgs |
| vulnerability_id |
VCID-w2dv-u8h6-sbgs |
| summary |
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7471 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92785 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92805 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.928 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92796 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92786 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.9279 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92778 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92804 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7471 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://seclists.org/bugtraq/2020/Feb/30 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Feb/30 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://usn.ubuntu.com/4264-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4264-1 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.10 |
| purl |
pkg:pypi/django@2.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 9 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 10 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 11 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 12 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 13 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 18 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 19 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 20 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 23 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 24 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 25 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10 |
|
| 2 |
| url |
pkg:pypi/django@3.0.3 |
| purl |
pkg:pypi/django@3.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-gan1-9gwu-63d2 |
|
| 8 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 9 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 10 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 11 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 14 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 15 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 16 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 17 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 18 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3 |
|
|
| aliases |
BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w2dv-u8h6-sbgs |
|
| 30 |
| url |
VCID-w4pr-k5nj-ckgy |
| vulnerability_id |
VCID-w4pr-k5nj-ckgy |
| summary |
Django is subject to SQL injection through its column aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05593 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05868 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05828 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05834 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05798 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.24 |
| purl |
pkg:pypi/django@4.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.6 |
| purl |
pkg:pypi/django@5.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6 |
|
|
| aliases |
CVE-2025-57833, GHSA-6w2r-r2m5-xq5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy |
|
| 31 |
| url |
VCID-x4ev-6zjm-sbe4 |
| vulnerability_id |
VCID-x4ev-6zjm-sbe4 |
| summary |
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6186 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.13095 |
| scoring_system |
epss |
| scoring_elements |
0.94081 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.13095 |
| scoring_system |
epss |
| scoring_elements |
0.94113 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.13095 |
| scoring_system |
epss |
| scoring_elements |
0.94112 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.13095 |
| scoring_system |
epss |
| scoring_elements |
0.94107 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.13095 |
| scoring_system |
epss |
| scoring_elements |
0.94071 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.13095 |
| scoring_system |
epss |
| scoring_elements |
0.94103 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.13095 |
| scoring_system |
epss |
| scoring_elements |
0.94095 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.13095 |
| scoring_system |
epss |
| scoring_elements |
0.94091 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6186 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
| reference_url |
https://www.exploit-db.com/exploits/40129 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://www.exploit-db.com/exploits/40129 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
http://www.ubuntu.com/usn/USN-3039-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3039-1 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-6186 |
| reference_id |
CVE-2016-6186 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 3 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-6186 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.14 |
| purl |
pkg:pypi/django@1.8.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-jae8-w85w-cyfu |
|
| 9 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 10 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 11 |
| vulnerability |
VCID-mv1p-yxvp-pbh6 |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 14 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 15 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 16 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.14 |
|
| 1 |
| url |
pkg:pypi/django@1.9.8 |
| purl |
pkg:pypi/django@1.9.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-k25u-g17y-hyfh |
|
| 9 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 10 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 11 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 12 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8 |
|
| 2 |
| url |
pkg:pypi/django@1.10rc1 |
| purl |
pkg:pypi/django@1.10rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-438j-ce4y-zkan |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-bdms-nb18-guf9 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 9 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 10 |
| vulnerability |
VCID-uk1w-hehw-dyda |
|
| 11 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1 |
|
|
| aliases |
CVE-2016-6186, GHSA-c8c8-9472-w52h, PYSEC-2016-2
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x4ev-6zjm-sbe4 |
|
| 32 |
| url |
VCID-x516-xwze-6ba3 |
| vulnerability_id |
VCID-x516-xwze-6ba3 |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 9 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 10 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 11 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 12 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 13 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 18 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 19 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 20 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 24 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 25 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 26 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
|
| aliases |
PYSEC-2019-86
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x516-xwze-6ba3 |
|
| 33 |
| url |
VCID-yemh-qd63-wuca |
| vulnerability_id |
VCID-yemh-qd63-wuca |
| summary |
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0474 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03963 |
| scoring_system |
epss |
| scoring_elements |
0.88322 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.03963 |
| scoring_system |
epss |
| scoring_elements |
0.88314 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.03963 |
| scoring_system |
epss |
| scoring_elements |
0.88337 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.03963 |
| scoring_system |
epss |
| scoring_elements |
0.88378 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.03963 |
| scoring_system |
epss |
| scoring_elements |
0.88361 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03963 |
| scoring_system |
epss |
| scoring_elements |
0.88342 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.03963 |
| scoring_system |
epss |
| scoring_elements |
0.8837 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.03963 |
| scoring_system |
epss |
| scoring_elements |
0.88367 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0474 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
http://www.ubuntu.com/usn/USN-2169-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2169-1 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.6.3 |
| purl |
pkg:pypi/django@1.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2dhb-9yue-33h7 |
|
| 1 |
| vulnerability |
VCID-325d-7dfk-sqd2 |
|
| 2 |
| vulnerability |
VCID-42cm-j2av-87ea |
|
| 3 |
| vulnerability |
VCID-5g4y-1qmy-27bd |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-8teq-9xr9-q3fg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a715-2qks-wyhn |
|
| 11 |
| vulnerability |
VCID-bgjt-c6sa-pfaj |
|
| 12 |
| vulnerability |
VCID-bgmv-mf3x-bkew |
|
| 13 |
| vulnerability |
VCID-br5x-v7md-47hp |
|
| 14 |
| vulnerability |
VCID-c1n5-4ars-u7ff |
|
| 15 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 16 |
| vulnerability |
VCID-eker-m822-cuax |
|
| 17 |
| vulnerability |
VCID-gvvs-megy-9fc3 |
|
| 18 |
| vulnerability |
VCID-jc9f-vgy8-ruan |
|
| 19 |
| vulnerability |
VCID-jumh-hkhx-7qc9 |
|
| 20 |
| vulnerability |
VCID-k6s1-gnmc-e3ed |
|
| 21 |
| vulnerability |
VCID-q64b-r7td-2yab |
|
| 22 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 23 |
| vulnerability |
VCID-sbr6-pybe-dubq |
|
| 24 |
| vulnerability |
VCID-spwd-dz6f-5fh9 |
|
| 25 |
| vulnerability |
VCID-t8ec-st1v-s3e5 |
|
| 26 |
| vulnerability |
VCID-ukxp-wqpr-t3by |
|
| 27 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 28 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 29 |
| vulnerability |
VCID-x4ev-6zjm-sbe4 |
|
| 30 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3 |
|
|
| aliases |
CVE-2014-0474, GHSA-wqjj-hx84-v449, PYSEC-2014-3
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yemh-qd63-wuca |
|
|
|---|