Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@4.1.10
Type pypi
Namespace
Name django
Version 4.1.10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.1.13
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
0
url VCID-7u6e-a3ng-fude
vulnerability_id VCID-7u6e-a3ng-fude
summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
reference_id
reference_type
scores
0
value 0.0279
scoring_system epss
scoring_elements 0.86341
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
3
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
reference_id
reference_type
scores
url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
7
reference_url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
reference_id
reference_type
scores
url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
8
reference_url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
reference_id
reference_type
scores
url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
10
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
11
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
16
reference_url https://security.netapp.com/advisory/ntap-20231221-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231221-0001
17
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
18
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2241046
reference_id 2241046
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2241046
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
reference_id CVE-2023-43665
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
21
reference_url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
reference_id GHSA-h8gc-pgj2-vjm3
reference_type
scores
url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
22
reference_url https://access.redhat.com/errata/RHSA-2023:6158
reference_id RHSA-2023:6158
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6158
23
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
24
reference_url https://usn.ubuntu.com/6414-1/
reference_id USN-6414-1
reference_type
scores
url https://usn.ubuntu.com/6414-1/
25
reference_url https://usn.ubuntu.com/6414-2/
reference_id USN-6414-2
reference_type
scores
url https://usn.ubuntu.com/6414-2/
fixed_packages
0
url pkg:pypi/django@4.1.12
purl pkg:pypi/django@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.12
1
url pkg:pypi/django@4.2.6
purl pkg:pypi/django@4.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-92bp-6kte-tyfs
11
vulnerability VCID-9udu-eqvn-mqbj
12
vulnerability VCID-ape9-66ck-nfez
13
vulnerability VCID-ax7m-uv4s-zkc1
14
vulnerability VCID-bjn5-qpmt-qffx
15
vulnerability VCID-bq5s-uknu-z7cn
16
vulnerability VCID-cbsj-1qqg-1ba6
17
vulnerability VCID-cg44-thdw-cygg
18
vulnerability VCID-chey-b3c1-pbe5
19
vulnerability VCID-e2p6-m8gu-jbfu
20
vulnerability VCID-em3c-ceug-cubp
21
vulnerability VCID-enen-3w2h-g3b8
22
vulnerability VCID-fbee-vj2y-cfeb
23
vulnerability VCID-heum-8mwz-sbcw
24
vulnerability VCID-j2uz-w2ur-7ud4
25
vulnerability VCID-jma1-9ags-xbfm
26
vulnerability VCID-jt9m-kd3k-uqca
27
vulnerability VCID-kv5d-p5n4-r7dp
28
vulnerability VCID-nyc2-p1rp-xkb4
29
vulnerability VCID-q4cv-2m7d-3qd5
30
vulnerability VCID-sz4x-rr8f-a3hf
31
vulnerability VCID-u15a-4ste-43cy
32
vulnerability VCID-vm2w-caad-nyd3
33
vulnerability VCID-vpgq-jhzc-j7h2
34
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6
aliases BIT-django-2023-43665, CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7u6e-a3ng-fude
1
url VCID-ctk2-ykg7-h7ag
vulnerability_id VCID-ctk2-ykg7-h7ag
summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61354
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
3
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
reference_id
reference_type
scores
url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
7
reference_url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
reference_id
reference_type
scores
url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
8
reference_url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
reference_id
reference_type
scores
url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
10
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
11
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
16
reference_url https://security.netapp.com/advisory/ntap-20231214-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0002
17
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
18
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2237258
reference_id 2237258
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2237258
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
reference_id CVE-2023-41164
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
21
reference_url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
reference_id GHSA-7h4p-27mh-hmrw
reference_type
scores
url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
22
reference_url https://access.redhat.com/errata/RHSA-2023:5208
reference_id RHSA-2023:5208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5208
23
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
24
reference_url https://usn.ubuntu.com/6378-1/
reference_id USN-6378-1
reference_type
scores
url https://usn.ubuntu.com/6378-1/
25
reference_url https://usn.ubuntu.com/6414-2/
reference_id USN-6414-2
reference_type
scores
url https://usn.ubuntu.com/6414-2/
fixed_packages
0
url pkg:pypi/django@4.1.11
purl pkg:pypi/django@4.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.11
1
url pkg:pypi/django@4.2.5
purl pkg:pypi/django@4.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-e2p6-m8gu-jbfu
21
vulnerability VCID-em3c-ceug-cubp
22
vulnerability VCID-enen-3w2h-g3b8
23
vulnerability VCID-fbee-vj2y-cfeb
24
vulnerability VCID-heum-8mwz-sbcw
25
vulnerability VCID-j2uz-w2ur-7ud4
26
vulnerability VCID-jma1-9ags-xbfm
27
vulnerability VCID-jt9m-kd3k-uqca
28
vulnerability VCID-kv5d-p5n4-r7dp
29
vulnerability VCID-nyc2-p1rp-xkb4
30
vulnerability VCID-q4cv-2m7d-3qd5
31
vulnerability VCID-sz4x-rr8f-a3hf
32
vulnerability VCID-u15a-4ste-43cy
33
vulnerability VCID-vm2w-caad-nyd3
34
vulnerability VCID-vpgq-jhzc-j7h2
35
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5
aliases BIT-django-2023-41164, CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctk2-ykg7-h7ag
2
url VCID-e2p6-m8gu-jbfu
vulnerability_id VCID-e2p6-m8gu-jbfu
summary An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46695.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46695.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46695
reference_id
reference_type
scores
0
value 0.03582
scoring_system epss
scoring_elements 0.87943
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46695
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
3
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
reference_id
reference_type
scores
url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
7
reference_url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
reference_id
reference_type
scores
url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
8
reference_url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
reference_id
reference_type
scores
url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
10
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
11
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
12
reference_url https://security.netapp.com/advisory/ntap-20231214-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0001
13
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
14
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2247097
reference_id 2247097
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2247097
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
reference_id CVE-2023-46695
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
17
reference_url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
reference_id GHSA-qmf9-6jqf-j8fq
reference_type
scores
url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
fixed_packages
0
url pkg:pypi/django@4.1.13
purl pkg:pypi/django@4.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13
1
url pkg:pypi/django@4.2.7
purl pkg:pypi/django@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-92bp-6kte-tyfs
11
vulnerability VCID-9udu-eqvn-mqbj
12
vulnerability VCID-ape9-66ck-nfez
13
vulnerability VCID-ax7m-uv4s-zkc1
14
vulnerability VCID-bjn5-qpmt-qffx
15
vulnerability VCID-bq5s-uknu-z7cn
16
vulnerability VCID-cbsj-1qqg-1ba6
17
vulnerability VCID-cg44-thdw-cygg
18
vulnerability VCID-chey-b3c1-pbe5
19
vulnerability VCID-em3c-ceug-cubp
20
vulnerability VCID-enen-3w2h-g3b8
21
vulnerability VCID-fbee-vj2y-cfeb
22
vulnerability VCID-heum-8mwz-sbcw
23
vulnerability VCID-j2uz-w2ur-7ud4
24
vulnerability VCID-jma1-9ags-xbfm
25
vulnerability VCID-jt9m-kd3k-uqca
26
vulnerability VCID-kv5d-p5n4-r7dp
27
vulnerability VCID-nyc2-p1rp-xkb4
28
vulnerability VCID-q4cv-2m7d-3qd5
29
vulnerability VCID-sz4x-rr8f-a3hf
30
vulnerability VCID-u15a-4ste-43cy
31
vulnerability VCID-vm2w-caad-nyd3
32
vulnerability VCID-vpgq-jhzc-j7h2
33
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7
aliases BIT-django-2023-46695, CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2p6-m8gu-jbfu
Fixing_vulnerabilities
0
url VCID-kmv2-339j-8ugc
vulnerability_id VCID-kmv2-339j-8ugc
summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
reference_id
reference_type
scores
0
value 0.09595
scoring_system epss
scoring_elements 0.93006
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
3
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
reference_id
reference_type
scores
url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
7
reference_url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
reference_id
reference_type
scores
url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
8
reference_url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
reference_id
reference_type
scores
url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
9
reference_url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
11
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
12
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
13
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
20
reference_url https://www.debian.org/security/2023/dsa-5465
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5465
21
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
22
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2218004
reference_id 2218004
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2218004
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
reference_id CVE-2023-36053
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
25
reference_url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
reference_id GHSA-jh3w-4vvf-mjgr
reference_type
scores
url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
26
reference_url https://access.redhat.com/errata/RHSA-2023:4692
reference_id RHSA-2023:4692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4692
27
reference_url https://access.redhat.com/errata/RHSA-2023:4693
reference_id RHSA-2023:4693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4693
28
reference_url https://access.redhat.com/errata/RHSA-2023:5931
reference_id RHSA-2023:5931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5931
29
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
30
reference_url https://access.redhat.com/errata/RHSA-2024:0212
reference_id RHSA-2024:0212
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0212
31
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
32
reference_url https://usn.ubuntu.com/6203-1/
reference_id USN-6203-1
reference_type
scores
url https://usn.ubuntu.com/6203-1/
33
reference_url https://usn.ubuntu.com/6203-2/
reference_id USN-6203-2
reference_type
scores
url https://usn.ubuntu.com/6203-2/
fixed_packages
0
url pkg:pypi/django@3.2.20
purl pkg:pypi/django@3.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-bjn5-qpmt-qffx
2
vulnerability VCID-ctk2-ykg7-h7ag
3
vulnerability VCID-e2p6-m8gu-jbfu
4
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.20
1
url pkg:pypi/django@4.1.10
purl pkg:pypi/django@4.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10
2
url pkg:pypi/django@4.2.3
purl pkg:pypi/django@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-ctk2-ykg7-h7ag
21
vulnerability VCID-e2p6-m8gu-jbfu
22
vulnerability VCID-em3c-ceug-cubp
23
vulnerability VCID-enen-3w2h-g3b8
24
vulnerability VCID-fbee-vj2y-cfeb
25
vulnerability VCID-heum-8mwz-sbcw
26
vulnerability VCID-j2uz-w2ur-7ud4
27
vulnerability VCID-jma1-9ags-xbfm
28
vulnerability VCID-jt9m-kd3k-uqca
29
vulnerability VCID-kv5d-p5n4-r7dp
30
vulnerability VCID-nyc2-p1rp-xkb4
31
vulnerability VCID-q4cv-2m7d-3qd5
32
vulnerability VCID-sz4x-rr8f-a3hf
33
vulnerability VCID-u15a-4ste-43cy
34
vulnerability VCID-vm2w-caad-nyd3
35
vulnerability VCID-vpgq-jhzc-j7h2
36
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3
aliases BIT-django-2023-36053, CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmv2-339j-8ugc
Risk_score 3.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10