Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@4.1.8
Typepypi
Namespace
Namedjango
Version4.1.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.13
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-7u6e-a3ng-fude
vulnerability_id VCID-7u6e-a3ng-fude
summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
reference_id
reference_type
scores
0
value 0.0279
scoring_system epss
scoring_elements 0.86341
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
reference_id
reference_type
scores
url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
5
reference_url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
reference_id
reference_type
scores
url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
6
reference_url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
reference_id
reference_type
scores
url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
14
reference_url https://security.netapp.com/advisory/ntap-20231221-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231221-0001
15
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
16
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
reference_id CVE-2023-43665
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
18
reference_url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
reference_id GHSA-h8gc-pgj2-vjm3
reference_type
scores
url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
fixed_packages
0
url pkg:pypi/django@4.1.12
purl pkg:pypi/django@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.12
1
url pkg:pypi/django@4.2.6
purl pkg:pypi/django@4.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-92bp-6kte-tyfs
11
vulnerability VCID-9udu-eqvn-mqbj
12
vulnerability VCID-ape9-66ck-nfez
13
vulnerability VCID-ax7m-uv4s-zkc1
14
vulnerability VCID-bjn5-qpmt-qffx
15
vulnerability VCID-bq5s-uknu-z7cn
16
vulnerability VCID-cbsj-1qqg-1ba6
17
vulnerability VCID-cg44-thdw-cygg
18
vulnerability VCID-chey-b3c1-pbe5
19
vulnerability VCID-e2p6-m8gu-jbfu
20
vulnerability VCID-em3c-ceug-cubp
21
vulnerability VCID-enen-3w2h-g3b8
22
vulnerability VCID-fbee-vj2y-cfeb
23
vulnerability VCID-heum-8mwz-sbcw
24
vulnerability VCID-j2uz-w2ur-7ud4
25
vulnerability VCID-jma1-9ags-xbfm
26
vulnerability VCID-jt9m-kd3k-uqca
27
vulnerability VCID-kv5d-p5n4-r7dp
28
vulnerability VCID-nyc2-p1rp-xkb4
29
vulnerability VCID-q4cv-2m7d-3qd5
30
vulnerability VCID-sz4x-rr8f-a3hf
31
vulnerability VCID-u15a-4ste-43cy
32
vulnerability VCID-vm2w-caad-nyd3
33
vulnerability VCID-vpgq-jhzc-j7h2
34
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6
aliases CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7u6e-a3ng-fude
1
url VCID-ctk2-ykg7-h7ag
vulnerability_id VCID-ctk2-ykg7-h7ag
summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61354
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
reference_id
reference_type
scores
url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
5
reference_url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
reference_id
reference_type
scores
url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
6
reference_url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
reference_id
reference_type
scores
url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
14
reference_url https://security.netapp.com/advisory/ntap-20231214-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0002
15
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
16
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
reference_id CVE-2023-41164
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
18
reference_url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
reference_id GHSA-7h4p-27mh-hmrw
reference_type
scores
url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
fixed_packages
0
url pkg:pypi/django@4.1.11
purl pkg:pypi/django@4.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.11
1
url pkg:pypi/django@4.2.5
purl pkg:pypi/django@4.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-e2p6-m8gu-jbfu
21
vulnerability VCID-em3c-ceug-cubp
22
vulnerability VCID-enen-3w2h-g3b8
23
vulnerability VCID-fbee-vj2y-cfeb
24
vulnerability VCID-heum-8mwz-sbcw
25
vulnerability VCID-j2uz-w2ur-7ud4
26
vulnerability VCID-jma1-9ags-xbfm
27
vulnerability VCID-jt9m-kd3k-uqca
28
vulnerability VCID-kv5d-p5n4-r7dp
29
vulnerability VCID-nyc2-p1rp-xkb4
30
vulnerability VCID-q4cv-2m7d-3qd5
31
vulnerability VCID-sz4x-rr8f-a3hf
32
vulnerability VCID-u15a-4ste-43cy
33
vulnerability VCID-vm2w-caad-nyd3
34
vulnerability VCID-vpgq-jhzc-j7h2
35
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5
aliases CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctk2-ykg7-h7ag
2
url VCID-e2p6-m8gu-jbfu
vulnerability_id VCID-e2p6-m8gu-jbfu
summary An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46695
reference_id
reference_type
scores
0
value 0.03582
scoring_system epss
scoring_elements 0.87943
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46695
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
reference_id
reference_type
scores
url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
5
reference_url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
reference_id
reference_type
scores
url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
6
reference_url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
reference_id
reference_type
scores
url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://security.netapp.com/advisory/ntap-20231214-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0001
11
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
12
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
reference_id CVE-2023-46695
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
14
reference_url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
reference_id GHSA-qmf9-6jqf-j8fq
reference_type
scores
url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
fixed_packages
0
url pkg:pypi/django@4.1.13
purl pkg:pypi/django@4.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13
1
url pkg:pypi/django@4.2.7
purl pkg:pypi/django@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-92bp-6kte-tyfs
11
vulnerability VCID-9udu-eqvn-mqbj
12
vulnerability VCID-ape9-66ck-nfez
13
vulnerability VCID-ax7m-uv4s-zkc1
14
vulnerability VCID-bjn5-qpmt-qffx
15
vulnerability VCID-bq5s-uknu-z7cn
16
vulnerability VCID-cbsj-1qqg-1ba6
17
vulnerability VCID-cg44-thdw-cygg
18
vulnerability VCID-chey-b3c1-pbe5
19
vulnerability VCID-em3c-ceug-cubp
20
vulnerability VCID-enen-3w2h-g3b8
21
vulnerability VCID-fbee-vj2y-cfeb
22
vulnerability VCID-heum-8mwz-sbcw
23
vulnerability VCID-j2uz-w2ur-7ud4
24
vulnerability VCID-jma1-9ags-xbfm
25
vulnerability VCID-jt9m-kd3k-uqca
26
vulnerability VCID-kv5d-p5n4-r7dp
27
vulnerability VCID-nyc2-p1rp-xkb4
28
vulnerability VCID-q4cv-2m7d-3qd5
29
vulnerability VCID-sz4x-rr8f-a3hf
30
vulnerability VCID-u15a-4ste-43cy
31
vulnerability VCID-vm2w-caad-nyd3
32
vulnerability VCID-vpgq-jhzc-j7h2
33
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7
aliases CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2p6-m8gu-jbfu
3
url VCID-kmv2-339j-8ugc
vulnerability_id VCID-kmv2-339j-8ugc
summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
reference_id
reference_type
scores
0
value 0.09595
scoring_system epss
scoring_elements 0.93006
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
reference_id
reference_type
scores
url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
5
reference_url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
reference_id
reference_type
scores
url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
6
reference_url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
reference_id
reference_type
scores
url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
7
reference_url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
9
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
10
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
11
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
18
reference_url https://www.debian.org/security/2023/dsa-5465
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5465
19
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
20
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
reference_id CVE-2023-36053
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
22
reference_url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
reference_id GHSA-jh3w-4vvf-mjgr
reference_type
scores
url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
fixed_packages
0
url pkg:pypi/django@4.1.10
purl pkg:pypi/django@4.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10
1
url pkg:pypi/django@4.2.3
purl pkg:pypi/django@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-ctk2-ykg7-h7ag
21
vulnerability VCID-e2p6-m8gu-jbfu
22
vulnerability VCID-em3c-ceug-cubp
23
vulnerability VCID-enen-3w2h-g3b8
24
vulnerability VCID-fbee-vj2y-cfeb
25
vulnerability VCID-heum-8mwz-sbcw
26
vulnerability VCID-j2uz-w2ur-7ud4
27
vulnerability VCID-jma1-9ags-xbfm
28
vulnerability VCID-jt9m-kd3k-uqca
29
vulnerability VCID-kv5d-p5n4-r7dp
30
vulnerability VCID-nyc2-p1rp-xkb4
31
vulnerability VCID-q4cv-2m7d-3qd5
32
vulnerability VCID-sz4x-rr8f-a3hf
33
vulnerability VCID-u15a-4ste-43cy
34
vulnerability VCID-vm2w-caad-nyd3
35
vulnerability VCID-vpgq-jhzc-j7h2
36
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3
aliases CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmv2-339j-8ugc
4
url VCID-rn9d-fd73-3kb9
vulnerability_id VCID-rn9d-fd73-3kb9
summary In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31047
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32498
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31047
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
reference_id
reference_type
scores
url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
5
reference_url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
reference_id
reference_type
scores
url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
6
reference_url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
reference_id
reference_type
scores
url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
12
reference_url https://security.netapp.com/advisory/ntap-20230609-0008
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230609-0008
13
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases
14
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
reference_id CVE-2023-31047
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
16
reference_url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
reference_id GHSA-r3xc-prgr-mg9p
reference_type
scores
url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
fixed_packages
0
url pkg:pypi/django@4.1.9
purl pkg:pypi/django@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
3
vulnerability VCID-kmv2-339j-8ugc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.9
1
url pkg:pypi/django@4.2.1
purl pkg:pypi/django@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-ctk2-ykg7-h7ag
21
vulnerability VCID-e2p6-m8gu-jbfu
22
vulnerability VCID-em3c-ceug-cubp
23
vulnerability VCID-enen-3w2h-g3b8
24
vulnerability VCID-fbee-vj2y-cfeb
25
vulnerability VCID-heum-8mwz-sbcw
26
vulnerability VCID-j2uz-w2ur-7ud4
27
vulnerability VCID-jma1-9ags-xbfm
28
vulnerability VCID-jt9m-kd3k-uqca
29
vulnerability VCID-kmv2-339j-8ugc
30
vulnerability VCID-kv5d-p5n4-r7dp
31
vulnerability VCID-nyc2-p1rp-xkb4
32
vulnerability VCID-q4cv-2m7d-3qd5
33
vulnerability VCID-sz4x-rr8f-a3hf
34
vulnerability VCID-u15a-4ste-43cy
35
vulnerability VCID-vm2w-caad-nyd3
36
vulnerability VCID-vpgq-jhzc-j7h2
37
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1
aliases CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn9d-fd73-3kb9
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.8