Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/37824?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/37824?format=api", "purl": "pkg:pypi/django@4.1.13", "type": "pypi", "namespace": "", "name": "django", "version": "4.1.13", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.2.30", "latest_non_vulnerable_version": "6.0.5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36598?format=api", "vulnerability_id": "VCID-am3f-c5ex-8ff2", "summary": "An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f" }, { "reference_url": "https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e" }, { "reference_url": "https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231214-0001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20231214-0001" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/nov/01/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/nov/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/nov/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/nov/01/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46695", "reference_id": "CVE-2023-46695", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46695" }, { "reference_url": "https://github.com/advisories/GHSA-qmf9-6jqf-j8fq", "reference_id": "GHSA-qmf9-6jqf-j8fq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qmf9-6jqf-j8fq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37823?format=api", "purl": "pkg:pypi/django@3.2.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/37824?format=api", "purl": "pkg:pypi/django@4.1.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/37825?format=api", "purl": "pkg:pypi/django@4.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-4kcg-gx5y-cuaw" }, { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-ga7z-wj4j-63h1" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-jybd-p65h-xffy" }, { "vulnerability": "VCID-kxdd-yzp3-r7cb" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-phkp-9abp-f3dq" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-r1vx-vv7d-gqaj" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-shch-yusm-1uck" }, { "vulnerability": "VCID-shjc-2j68-2yfy" }, { "vulnerability": "VCID-tktt-vg92-6kae" }, { "vulnerability": "VCID-tuqc-c251-h7ds" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-wa3g-27sx-mbcw" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-xcmd-18ck-gqae" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7" } ], "aliases": [ "CVE-2023-46695", "GHSA-qmf9-6jqf-j8fq", "PYSEC-2023-222" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am3f-c5ex-8ff2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13" }