Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@4.2.11
Typepypi
Namespace
Namedjango
Version4.2.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.2.30
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-1c7j-evpp-53eb
vulnerability_id VCID-1c7j-evpp-53eb
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39330
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.4022
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39330
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
reference_id
reference_type
scores
url https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
6
reference_url https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270
reference_id
reference_type
scores
url https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240808-0005
10
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
11
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295937
reference_id 2295937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295937
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39330
reference_id CVE-2024-39330
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-39330
14
reference_url https://github.com/advisories/GHSA-9jmf-237g-qf46
reference_id GHSA-9jmf-237g-qf46
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jmf-237g-qf46
15
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
16
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
17
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
18
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
19
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-32d1-b8f2-hud5
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-4vry-9jdm-nyg9
4
vulnerability VCID-5fbx-3yfb-fudx
5
vulnerability VCID-62jv-ab6d-sqdb
6
vulnerability VCID-63c7-mkxw-ufav
7
vulnerability VCID-68nb-696n-n3bf
8
vulnerability VCID-7jbt-5zw2-vff2
9
vulnerability VCID-92bp-6kte-tyfs
10
vulnerability VCID-9udu-eqvn-mqbj
11
vulnerability VCID-ax7m-uv4s-zkc1
12
vulnerability VCID-bq5s-uknu-z7cn
13
vulnerability VCID-cbsj-1qqg-1ba6
14
vulnerability VCID-cg44-thdw-cygg
15
vulnerability VCID-chey-b3c1-pbe5
16
vulnerability VCID-em3c-ceug-cubp
17
vulnerability VCID-enen-3w2h-g3b8
18
vulnerability VCID-fbee-vj2y-cfeb
19
vulnerability VCID-heum-8mwz-sbcw
20
vulnerability VCID-j2uz-w2ur-7ud4
21
vulnerability VCID-jma1-9ags-xbfm
22
vulnerability VCID-jt9m-kd3k-uqca
23
vulnerability VCID-nyc2-p1rp-xkb4
24
vulnerability VCID-q4cv-2m7d-3qd5
25
vulnerability VCID-u15a-4ste-43cy
26
vulnerability VCID-vm2w-caad-nyd3
27
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-4vry-9jdm-nyg9
2
vulnerability VCID-68nb-696n-n3bf
3
vulnerability VCID-a3e2-se1v-2yb5
4
vulnerability VCID-bq5s-uknu-z7cn
5
vulnerability VCID-chey-b3c1-pbe5
6
vulnerability VCID-jt9m-kd3k-uqca
7
vulnerability VCID-nyc2-p1rp-xkb4
8
vulnerability VCID-q4cv-2m7d-3qd5
9
vulnerability VCID-vm2w-caad-nyd3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases BIT-django-2024-39330, CVE-2024-39330, GHSA-9jmf-237g-qf46, PYSEC-2024-58
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1c7j-evpp-53eb
1
url VCID-1umb-2rxg-bbdk
vulnerability_id VCID-1umb-2rxg-bbdk
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53907
reference_id
reference_type
scores
0
value 0.01038
scoring_system epss
scoring_elements 0.77711
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53907
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
5
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
6
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2329288
reference_id 2329288
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2329288
8
reference_url https://access.redhat.com/errata/RHSA-2024:11144
reference_id RHSA-2024:11144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11144
9
reference_url https://access.redhat.com/errata/RHSA-2024:11146
reference_id RHSA-2024:11146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11146
10
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
11
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
fixed_packages
0
url pkg:pypi/django@4.2.17
purl pkg:pypi/django@4.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-9udu-eqvn-mqbj
8
vulnerability VCID-ax7m-uv4s-zkc1
9
vulnerability VCID-cbsj-1qqg-1ba6
10
vulnerability VCID-cg44-thdw-cygg
11
vulnerability VCID-chey-b3c1-pbe5
12
vulnerability VCID-em3c-ceug-cubp
13
vulnerability VCID-enen-3w2h-g3b8
14
vulnerability VCID-fbee-vj2y-cfeb
15
vulnerability VCID-heum-8mwz-sbcw
16
vulnerability VCID-j2uz-w2ur-7ud4
17
vulnerability VCID-jma1-9ags-xbfm
18
vulnerability VCID-nyc2-p1rp-xkb4
19
vulnerability VCID-u15a-4ste-43cy
20
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17
1
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3e2-se1v-2yb5
1
vulnerability VCID-chey-b3c1-pbe5
2
vulnerability VCID-nyc2-p1rp-xkb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
2
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
2
vulnerability VCID-9udu-eqvn-mqbj
3
vulnerability VCID-a3e2-se1v-2yb5
4
vulnerability VCID-ax7m-uv4s-zkc1
5
vulnerability VCID-chey-b3c1-pbe5
6
vulnerability VCID-em3c-ceug-cubp
7
vulnerability VCID-fbee-vj2y-cfeb
8
vulnerability VCID-nyc2-p1rp-xkb4
9
vulnerability VCID-u15a-4ste-43cy
10
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases BIT-django-2024-53907, CVE-2024-53907, GHSA-8498-2h75-472j, PYSEC-2024-156
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1umb-2rxg-bbdk
2
url VCID-32d1-b8f2-hud5
vulnerability_id VCID-32d1-b8f2-hud5
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
ASGI requests with a missing or understated `Content-Length` header could
bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when reading
`HttpRequest.body`, allowing remote attackers to load an unbounded request body into
memory.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Superior for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33034
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10784
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33034
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455927
reference_id 2455927
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455927
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases BIT-django-2026-33034, CVE-2026-33034, GHSA-933h-hp56-hf7m, PYSEC-2026-49
risk_score 3.0
exploitability 0.5
weighted_severity 6.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32d1-b8f2-hud5
3
url VCID-3d6k-rdsh-k7hm
vulnerability_id VCID-3d6k-rdsh-k7hm
summary 
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13372
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00331
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13372
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
reference_id
reference_type
scores
url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
7
reference_url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
reference_id
reference_type
scores
url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
8
reference_url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
reference_id
reference_type
scores
url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
9
reference_url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
reference_id
reference_type
scores
url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
10
reference_url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
11
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://groups.google.com/g/django-announce
12
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
13
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418372
reference_id 2418372
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418372
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
reference_id CVE-2025-13372
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
16
reference_url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
reference_id GHSA-rqw2-ghq9-44m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
fixed_packages
0
url pkg:pypi/django@4.2.27
purl pkg:pypi/django@4.2.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-5fbx-3yfb-fudx
2
vulnerability VCID-62jv-ab6d-sqdb
3
vulnerability VCID-63c7-mkxw-ufav
4
vulnerability VCID-92bp-6kte-tyfs
5
vulnerability VCID-cbsj-1qqg-1ba6
6
vulnerability VCID-cg44-thdw-cygg
7
vulnerability VCID-enen-3w2h-g3b8
8
vulnerability VCID-heum-8mwz-sbcw
9
vulnerability VCID-j2uz-w2ur-7ud4
10
vulnerability VCID-jma1-9ags-xbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27
1
url pkg:pypi/django@5.1.15
purl pkg:pypi/django@5.1.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15
2
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-92bp-6kte-tyfs
6
vulnerability VCID-92z2-3rbz-77h9
7
vulnerability VCID-cbsj-1qqg-1ba6
8
vulnerability VCID-cg44-thdw-cygg
9
vulnerability VCID-enen-3w2h-g3b8
10
vulnerability VCID-g22z-jue5-8udz
11
vulnerability VCID-heum-8mwz-sbcw
12
vulnerability VCID-j2uz-w2ur-7ud4
13
vulnerability VCID-jma1-9ags-xbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
aliases BIT-django-2025-13372, CVE-2025-13372, GHSA-rqw2-ghq9-44m7, PYSEC-2025-104
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3d6k-rdsh-k7hm
4
url VCID-4vry-9jdm-nyg9
vulnerability_id VCID-4vry-9jdm-nyg9
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53908
reference_id
reference_type
scores
0
value 0.00931
scoring_system epss
scoring_elements 0.76454
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53908
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
5
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2329287
reference_id 2329287
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2329287
7
reference_url https://access.redhat.com/errata/RHSA-2024:11144
reference_id RHSA-2024:11144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11144
8
reference_url https://access.redhat.com/errata/RHSA-2024:11146
reference_id RHSA-2024:11146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11146
9
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
10
reference_url https://access.redhat.com/errata/RHSA-2025:0721
reference_id RHSA-2025:0721
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0721
fixed_packages
0
url pkg:pypi/django@4.2.17
purl pkg:pypi/django@4.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-9udu-eqvn-mqbj
8
vulnerability VCID-ax7m-uv4s-zkc1
9
vulnerability VCID-cbsj-1qqg-1ba6
10
vulnerability VCID-cg44-thdw-cygg
11
vulnerability VCID-chey-b3c1-pbe5
12
vulnerability VCID-em3c-ceug-cubp
13
vulnerability VCID-enen-3w2h-g3b8
14
vulnerability VCID-fbee-vj2y-cfeb
15
vulnerability VCID-heum-8mwz-sbcw
16
vulnerability VCID-j2uz-w2ur-7ud4
17
vulnerability VCID-jma1-9ags-xbfm
18
vulnerability VCID-nyc2-p1rp-xkb4
19
vulnerability VCID-u15a-4ste-43cy
20
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17
1
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3e2-se1v-2yb5
1
vulnerability VCID-chey-b3c1-pbe5
2
vulnerability VCID-nyc2-p1rp-xkb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
2
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
2
vulnerability VCID-9udu-eqvn-mqbj
3
vulnerability VCID-a3e2-se1v-2yb5
4
vulnerability VCID-ax7m-uv4s-zkc1
5
vulnerability VCID-chey-b3c1-pbe5
6
vulnerability VCID-em3c-ceug-cubp
7
vulnerability VCID-fbee-vj2y-cfeb
8
vulnerability VCID-nyc2-p1rp-xkb4
9
vulnerability VCID-u15a-4ste-43cy
10
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases BIT-django-2024-53908, CVE-2024-53908, GHSA-m9g8-fxxm-xg86, PYSEC-2024-157
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4vry-9jdm-nyg9
5
url VCID-5fbx-3yfb-fudx
vulnerability_id VCID-5fbx-3yfb-fudx
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13473
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11039
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13473
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://groups.google.com/g/django-announce
7
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436343
reference_id 2436343
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436343
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
reference_id CVE-2025-13473
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
11
reference_url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
reference_id GHSA-2mcm-79hx-8fxw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-63c7-mkxw-ufav
2
vulnerability VCID-cg44-thdw-cygg
3
vulnerability VCID-heum-8mwz-sbcw
4
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases BIT-django-2025-13473, CVE-2025-13473, GHSA-2mcm-79hx-8fxw, PYSEC-2026-42
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5fbx-3yfb-fudx
6
url VCID-62jv-ab6d-sqdb
vulnerability_id VCID-62jv-ab6d-sqdb
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01598
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
reference_id
reference_type
scores
url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
reference_id 2436339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
reference_id CVE-2026-1287
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
12
reference_url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
reference_id GHSA-gvg8-93h5-g6qq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
13
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
14
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
15
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
16
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
17
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
18
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
19
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-63c7-mkxw-ufav
2
vulnerability VCID-cg44-thdw-cygg
3
vulnerability VCID-heum-8mwz-sbcw
4
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases BIT-django-2026-1287, CVE-2026-1287, GHSA-gvg8-93h5-g6qq, PYSEC-2026-46
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62jv-ab6d-sqdb
7
url VCID-63c7-mkxw-ufav
vulnerability_id VCID-63c7-mkxw-ufav
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
`MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33033
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15551
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33033
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455962
reference_id 2455962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455962
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases BIT-django-2026-33033, CVE-2026-33033, GHSA-5mf9-h53q-7mhq, PYSEC-2026-48
risk_score 2.6
exploitability 0.5
weighted_severity 5.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63c7-mkxw-ufav
8
url VCID-68nb-696n-n3bf
vulnerability_id VCID-68nb-696n-n3bf
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41991
reference_id
reference_type
scores
0
value 0.0091
scoring_system epss
scoring_elements 0.7616
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41991
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
reference_id
reference_type
scores
url https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
6
reference_url https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
reference_id
reference_type
scores
url https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240905-0007
10
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
11
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302435
reference_id 2302435
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302435
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41991
reference_id CVE-2024-41991
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-41991
14
reference_url https://github.com/advisories/GHSA-r836-hh6v-rg5g
reference_id GHSA-r836-hh6v-rg5g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r836-hh6v-rg5g
15
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
16
reference_url https://access.redhat.com/errata/RHSA-2024:7987
reference_id RHSA-2024:7987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7987
17
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
18
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-32d1-b8f2-hud5
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-4vry-9jdm-nyg9
4
vulnerability VCID-5fbx-3yfb-fudx
5
vulnerability VCID-62jv-ab6d-sqdb
6
vulnerability VCID-63c7-mkxw-ufav
7
vulnerability VCID-7jbt-5zw2-vff2
8
vulnerability VCID-92bp-6kte-tyfs
9
vulnerability VCID-9udu-eqvn-mqbj
10
vulnerability VCID-ax7m-uv4s-zkc1
11
vulnerability VCID-cbsj-1qqg-1ba6
12
vulnerability VCID-cg44-thdw-cygg
13
vulnerability VCID-chey-b3c1-pbe5
14
vulnerability VCID-em3c-ceug-cubp
15
vulnerability VCID-enen-3w2h-g3b8
16
vulnerability VCID-fbee-vj2y-cfeb
17
vulnerability VCID-heum-8mwz-sbcw
18
vulnerability VCID-j2uz-w2ur-7ud4
19
vulnerability VCID-jma1-9ags-xbfm
20
vulnerability VCID-jt9m-kd3k-uqca
21
vulnerability VCID-nyc2-p1rp-xkb4
22
vulnerability VCID-u15a-4ste-43cy
23
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-4vry-9jdm-nyg9
2
vulnerability VCID-a3e2-se1v-2yb5
3
vulnerability VCID-chey-b3c1-pbe5
4
vulnerability VCID-jt9m-kd3k-uqca
5
vulnerability VCID-nyc2-p1rp-xkb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases BIT-django-2024-41991, CVE-2024-41991, GHSA-r836-hh6v-rg5g, PYSEC-2024-69
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68nb-696n-n3bf
9
url VCID-7jbt-5zw2-vff2
vulnerability_id VCID-7jbt-5zw2-vff2
summary 
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64460
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20956
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64460
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
reference_id
reference_type
scores
url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
7
reference_url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
reference_id
reference_type
scores
url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
8
reference_url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
reference_id
reference_type
scores
url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
9
reference_url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
reference_id
reference_type
scores
url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
10
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
11
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
12
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418366
reference_id 2418366
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418366
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
reference_id CVE-2025-64460
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
15
reference_url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
reference_id GHSA-vrcr-9hj9-jcg6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
16
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
17
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
18
reference_url https://access.redhat.com/errata/RHSA-2026:1497
reference_id RHSA-2026:1497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1497
19
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
20
reference_url https://access.redhat.com/errata/RHSA-2026:1599
reference_id RHSA-2026:1599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1599
21
reference_url https://access.redhat.com/errata/RHSA-2026:1609
reference_id RHSA-2026:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1609
fixed_packages
0
url pkg:pypi/django@4.2.27
purl pkg:pypi/django@4.2.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-5fbx-3yfb-fudx
2
vulnerability VCID-62jv-ab6d-sqdb
3
vulnerability VCID-63c7-mkxw-ufav
4
vulnerability VCID-92bp-6kte-tyfs
5
vulnerability VCID-cbsj-1qqg-1ba6
6
vulnerability VCID-cg44-thdw-cygg
7
vulnerability VCID-enen-3w2h-g3b8
8
vulnerability VCID-heum-8mwz-sbcw
9
vulnerability VCID-j2uz-w2ur-7ud4
10
vulnerability VCID-jma1-9ags-xbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27
1
url pkg:pypi/django@5.1.15
purl pkg:pypi/django@5.1.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15
2
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-92bp-6kte-tyfs
6
vulnerability VCID-92z2-3rbz-77h9
7
vulnerability VCID-cbsj-1qqg-1ba6
8
vulnerability VCID-cg44-thdw-cygg
9
vulnerability VCID-enen-3w2h-g3b8
10
vulnerability VCID-g22z-jue5-8udz
11
vulnerability VCID-heum-8mwz-sbcw
12
vulnerability VCID-j2uz-w2ur-7ud4
13
vulnerability VCID-jma1-9ags-xbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
aliases BIT-django-2025-64460, CVE-2025-64460, GHSA-vrcr-9hj9-jcg6, PYSEC-2025-109
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7jbt-5zw2-vff2
10
url VCID-92bp-6kte-tyfs
vulnerability_id VCID-92bp-6kte-tyfs
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Jiyong Yang for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14550
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19503
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14550
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
reference_id
reference_type
scores
url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436341
reference_id 2436341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436341
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
reference_id CVE-2025-14550
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
12
reference_url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
reference_id GHSA-33mw-q7rj-mjwj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
13
reference_url https://access.redhat.com/errata/RHSA-2026:13508
reference_id RHSA-2026:13508
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13508
14
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
15
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
16
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
17
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
18
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-63c7-mkxw-ufav
2
vulnerability VCID-cg44-thdw-cygg
3
vulnerability VCID-heum-8mwz-sbcw
4
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases BIT-django-2025-14550, CVE-2025-14550, GHSA-33mw-q7rj-mjwj, PYSEC-2026-43
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92bp-6kte-tyfs
11
url VCID-9udu-eqvn-mqbj
vulnerability_id VCID-9udu-eqvn-mqbj
summary 
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect`  were subject to a potential  denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64458
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.07194
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64458
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
reference_id
reference_type
scores
url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
6
reference_url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
reference_id
reference_type
scores
url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
7
reference_url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
reference_id
reference_type
scores
url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
8
reference_url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
reference_id
reference_type
scores
url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
9
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
10
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
11
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2412649
reference_id 2412649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2412649
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
reference_id CVE-2025-64458
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
14
reference_url https://github.com/advisories/GHSA-qw25-v68c-qjf3
reference_id GHSA-qw25-v68c-qjf3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qw25-v68c-qjf3
fixed_packages
0
url pkg:pypi/django@4.2.26
purl pkg:pypi/django@4.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-cbsj-1qqg-1ba6
8
vulnerability VCID-cg44-thdw-cygg
9
vulnerability VCID-enen-3w2h-g3b8
10
vulnerability VCID-heum-8mwz-sbcw
11
vulnerability VCID-j2uz-w2ur-7ud4
12
vulnerability VCID-jma1-9ags-xbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26
1
url pkg:pypi/django@5.1.14
purl pkg:pypi/django@5.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14
2
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-5fbx-3yfb-fudx
4
vulnerability VCID-62jv-ab6d-sqdb
5
vulnerability VCID-63c7-mkxw-ufav
6
vulnerability VCID-7jbt-5zw2-vff2
7
vulnerability VCID-92bp-6kte-tyfs
8
vulnerability VCID-92z2-3rbz-77h9
9
vulnerability VCID-cbsj-1qqg-1ba6
10
vulnerability VCID-cg44-thdw-cygg
11
vulnerability VCID-enen-3w2h-g3b8
12
vulnerability VCID-g22z-jue5-8udz
13
vulnerability VCID-heum-8mwz-sbcw
14
vulnerability VCID-j2uz-w2ur-7ud4
15
vulnerability VCID-jma1-9ags-xbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
aliases BIT-django-2025-64458, CVE-2025-64458, GHSA-qw25-v68c-qjf3, PYSEC-2025-107
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9udu-eqvn-mqbj
12
url VCID-ape9-66ck-nfez
vulnerability_id VCID-ape9-66ck-nfez
summary An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38875.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38875.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38875
reference_id
reference_type
scores
0
value 0.0033
scoring_system epss
scoring_elements 0.56182
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38875
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django/commit/7285644640f085f41d60ab0c8ae4e9153f0485db
reference_id
reference_type
scores
url https://github.com/django/django/commit/7285644640f085f41d60ab0c8ae4e9153f0485db
6
reference_url https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5
reference_id
reference_type
scores
url https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-56.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-56.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240808-0005
10
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
11
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295935
reference_id 2295935
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295935
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38875
reference_id CVE-2024-38875
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-38875
14
reference_url https://github.com/advisories/GHSA-qg2p-9jwr-mmqf
reference_id GHSA-qg2p-9jwr-mmqf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qg2p-9jwr-mmqf
15
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
16
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
17
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
18
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
19
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-32d1-b8f2-hud5
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-4vry-9jdm-nyg9
4
vulnerability VCID-5fbx-3yfb-fudx
5
vulnerability VCID-62jv-ab6d-sqdb
6
vulnerability VCID-63c7-mkxw-ufav
7
vulnerability VCID-68nb-696n-n3bf
8
vulnerability VCID-7jbt-5zw2-vff2
9
vulnerability VCID-92bp-6kte-tyfs
10
vulnerability VCID-9udu-eqvn-mqbj
11
vulnerability VCID-ax7m-uv4s-zkc1
12
vulnerability VCID-bq5s-uknu-z7cn
13
vulnerability VCID-cbsj-1qqg-1ba6
14
vulnerability VCID-cg44-thdw-cygg
15
vulnerability VCID-chey-b3c1-pbe5
16
vulnerability VCID-em3c-ceug-cubp
17
vulnerability VCID-enen-3w2h-g3b8
18
vulnerability VCID-fbee-vj2y-cfeb
19
vulnerability VCID-heum-8mwz-sbcw
20
vulnerability VCID-j2uz-w2ur-7ud4
21
vulnerability VCID-jma1-9ags-xbfm
22
vulnerability VCID-jt9m-kd3k-uqca
23
vulnerability VCID-nyc2-p1rp-xkb4
24
vulnerability VCID-q4cv-2m7d-3qd5
25
vulnerability VCID-u15a-4ste-43cy
26
vulnerability VCID-vm2w-caad-nyd3
27
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-4vry-9jdm-nyg9
2
vulnerability VCID-68nb-696n-n3bf
3
vulnerability VCID-a3e2-se1v-2yb5
4
vulnerability VCID-bq5s-uknu-z7cn
5
vulnerability VCID-chey-b3c1-pbe5
6
vulnerability VCID-jt9m-kd3k-uqca
7
vulnerability VCID-nyc2-p1rp-xkb4
8
vulnerability VCID-q4cv-2m7d-3qd5
9
vulnerability VCID-vm2w-caad-nyd3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases BIT-django-2024-38875, CVE-2024-38875, GHSA-qg2p-9jwr-mmqf, PYSEC-2024-56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ape9-66ck-nfez
13
url VCID-ax7m-uv4s-zkc1
vulnerability_id VCID-ax7m-uv4s-zkc1
summary An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57833
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17327
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57833
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
5
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
6
reference_url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
7
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
8
reference_url http://www.openwall.com/lists/oss-security/2025/09/03/3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2025/09/03/3
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392990
reference_id 2392990
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2392990
10
reference_url https://access.redhat.com/errata/RHSA-2025:16403
reference_id RHSA-2025:16403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16403
11
reference_url https://access.redhat.com/errata/RHSA-2025:16404
reference_id RHSA-2025:16404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16404
12
reference_url https://access.redhat.com/errata/RHSA-2025:16487
reference_id RHSA-2025:16487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16487
13
reference_url https://access.redhat.com/errata/RHSA-2025:16514
reference_id RHSA-2025:16514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16514
14
reference_url https://access.redhat.com/errata/RHSA-2025:17498
reference_id RHSA-2025:17498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17498
15
reference_url https://access.redhat.com/errata/RHSA-2025:17499
reference_id RHSA-2025:17499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17499
16
reference_url https://access.redhat.com/errata/RHSA-2025:17500
reference_id RHSA-2025:17500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17500
17
reference_url https://access.redhat.com/errata/RHSA-2025:17606
reference_id RHSA-2025:17606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17606
18
reference_url https://access.redhat.com/errata/RHSA-2025:17613
reference_id RHSA-2025:17613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17613
19
reference_url https://access.redhat.com/errata/RHSA-2025:17614
reference_id RHSA-2025:17614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17614
fixed_packages
0
url pkg:pypi/django@4.2.24
purl pkg:pypi/django@4.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-9udu-eqvn-mqbj
8
vulnerability VCID-cbsj-1qqg-1ba6
9
vulnerability VCID-cg44-thdw-cygg
10
vulnerability VCID-enen-3w2h-g3b8
11
vulnerability VCID-heum-8mwz-sbcw
12
vulnerability VCID-j2uz-w2ur-7ud4
13
vulnerability VCID-jma1-9ags-xbfm
14
vulnerability VCID-u15a-4ste-43cy
15
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24
1
url pkg:pypi/django@5.1.12
purl pkg:pypi/django@5.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
2
vulnerability VCID-9udu-eqvn-mqbj
3
vulnerability VCID-u15a-4ste-43cy
4
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12
2
url pkg:pypi/django@5.2.6
purl pkg:pypi/django@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-5fbx-3yfb-fudx
4
vulnerability VCID-62jv-ab6d-sqdb
5
vulnerability VCID-63c7-mkxw-ufav
6
vulnerability VCID-7jbt-5zw2-vff2
7
vulnerability VCID-92bp-6kte-tyfs
8
vulnerability VCID-92z2-3rbz-77h9
9
vulnerability VCID-9udu-eqvn-mqbj
10
vulnerability VCID-cbsj-1qqg-1ba6
11
vulnerability VCID-cg44-thdw-cygg
12
vulnerability VCID-enen-3w2h-g3b8
13
vulnerability VCID-g22z-jue5-8udz
14
vulnerability VCID-heum-8mwz-sbcw
15
vulnerability VCID-j2uz-w2ur-7ud4
16
vulnerability VCID-jma1-9ags-xbfm
17
vulnerability VCID-u15a-4ste-43cy
18
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6
aliases BIT-django-2025-57833, CVE-2025-57833, GHSA-6w2r-r2m5-xq5w, PYSEC-2025-105
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax7m-uv4s-zkc1
14
url VCID-bq5s-uknu-z7cn
vulnerability_id VCID-bq5s-uknu-z7cn
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42005
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56049
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42005
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d
reference_id
reference_type
scores
url https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d
6
reference_url https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28
reference_id
reference_type
scores
url https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240905-0007
10
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
11
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302436
reference_id 2302436
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302436
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42005
reference_id CVE-2024-42005
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-42005
14
reference_url https://github.com/advisories/GHSA-pv4p-cwwg-4rph
reference_id GHSA-pv4p-cwwg-4rph
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pv4p-cwwg-4rph
15
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
16
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
17
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
18
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-32d1-b8f2-hud5
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-4vry-9jdm-nyg9
4
vulnerability VCID-5fbx-3yfb-fudx
5
vulnerability VCID-62jv-ab6d-sqdb
6
vulnerability VCID-63c7-mkxw-ufav
7
vulnerability VCID-7jbt-5zw2-vff2
8
vulnerability VCID-92bp-6kte-tyfs
9
vulnerability VCID-9udu-eqvn-mqbj
10
vulnerability VCID-ax7m-uv4s-zkc1
11
vulnerability VCID-cbsj-1qqg-1ba6
12
vulnerability VCID-cg44-thdw-cygg
13
vulnerability VCID-chey-b3c1-pbe5
14
vulnerability VCID-em3c-ceug-cubp
15
vulnerability VCID-enen-3w2h-g3b8
16
vulnerability VCID-fbee-vj2y-cfeb
17
vulnerability VCID-heum-8mwz-sbcw
18
vulnerability VCID-j2uz-w2ur-7ud4
19
vulnerability VCID-jma1-9ags-xbfm
20
vulnerability VCID-jt9m-kd3k-uqca
21
vulnerability VCID-nyc2-p1rp-xkb4
22
vulnerability VCID-u15a-4ste-43cy
23
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-4vry-9jdm-nyg9
2
vulnerability VCID-a3e2-se1v-2yb5
3
vulnerability VCID-chey-b3c1-pbe5
4
vulnerability VCID-jt9m-kd3k-uqca
5
vulnerability VCID-nyc2-p1rp-xkb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases BIT-django-2024-42005, CVE-2024-42005, GHSA-pv4p-cwwg-4rph, PYSEC-2024-70
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq5s-uknu-z7cn
15
url VCID-cbsj-1qqg-1ba6
vulnerability_id VCID-cbsj-1qqg-1ba6
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20962
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
reference_id
reference_type
scores
url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
reference_id 2436340
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
reference_id CVE-2026-1285
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
12
reference_url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
reference_id GHSA-4rrr-2h4v-f3j9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
13
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
14
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
15
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
16
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
17
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-63c7-mkxw-ufav
2
vulnerability VCID-cg44-thdw-cygg
3
vulnerability VCID-heum-8mwz-sbcw
4
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases BIT-django-2026-1285, CVE-2026-1285, GHSA-4rrr-2h4v-f3j9, PYSEC-2026-45
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbsj-1qqg-1ba6
16
url VCID-cg44-thdw-cygg
vulnerability_id VCID-cg44-thdw-cygg
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new
instances to be created via forged `POST` data.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Cantina for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4292
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02704
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4292
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455941
reference_id 2455941
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455941
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases BIT-django-2026-4292, CVE-2026-4292, GHSA-mmwr-2jhp-mc7j, PYSEC-2026-53
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg44-thdw-cygg
17
url VCID-chey-b3c1-pbe5
vulnerability_id VCID-chey-b3c1-pbe5
summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56374
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24578
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56374
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
6
reference_url http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/01/14/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2337996
reference_id 2337996
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2337996
8
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
9
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
10
reference_url https://access.redhat.com/errata/RHSA-2025:0782
reference_id RHSA-2025:0782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0782
11
reference_url https://access.redhat.com/errata/RHSA-2025:2399
reference_id RHSA-2025:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2399
12
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
fixed_packages
0
url pkg:pypi/django@4.2.18
purl pkg:pypi/django@4.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-9udu-eqvn-mqbj
8
vulnerability VCID-ax7m-uv4s-zkc1
9
vulnerability VCID-cbsj-1qqg-1ba6
10
vulnerability VCID-cg44-thdw-cygg
11
vulnerability VCID-em3c-ceug-cubp
12
vulnerability VCID-enen-3w2h-g3b8
13
vulnerability VCID-fbee-vj2y-cfeb
14
vulnerability VCID-heum-8mwz-sbcw
15
vulnerability VCID-j2uz-w2ur-7ud4
16
vulnerability VCID-jma1-9ags-xbfm
17
vulnerability VCID-nyc2-p1rp-xkb4
18
vulnerability VCID-u15a-4ste-43cy
19
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.18
1
url pkg:pypi/django@5.0.11
purl pkg:pypi/django@5.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3e2-se1v-2yb5
1
vulnerability VCID-nyc2-p1rp-xkb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11
2
url pkg:pypi/django@5.1.5
purl pkg:pypi/django@5.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
2
vulnerability VCID-9udu-eqvn-mqbj
3
vulnerability VCID-a3e2-se1v-2yb5
4
vulnerability VCID-ax7m-uv4s-zkc1
5
vulnerability VCID-em3c-ceug-cubp
6
vulnerability VCID-fbee-vj2y-cfeb
7
vulnerability VCID-nyc2-p1rp-xkb4
8
vulnerability VCID-u15a-4ste-43cy
9
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5
aliases BIT-django-2024-56374, CVE-2024-56374, GHSA-qcgg-j2x8-h9g8, PYSEC-2025-1
risk_score 2.6
exploitability 0.5
weighted_severity 5.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chey-b3c1-pbe5
18
url VCID-em3c-ceug-cubp
vulnerability_id VCID-em3c-ceug-cubp
summary denial of service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32873
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.40408
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32873
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
6
reference_url http://www.openwall.com/lists/oss-security/2025/05/07/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/05/07/1
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364980
reference_id 2364980
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364980
8
reference_url https://security.archlinux.org/ASA-202505-10
reference_id ASA-202505-10
reference_type
scores
url https://security.archlinux.org/ASA-202505-10
9
reference_url https://security.archlinux.org/AVG-2876
reference_id AVG-2876
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2876
fixed_packages
0
url pkg:pypi/django@4.2.21
purl pkg:pypi/django@4.2.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-9udu-eqvn-mqbj
8
vulnerability VCID-ax7m-uv4s-zkc1
9
vulnerability VCID-cbsj-1qqg-1ba6
10
vulnerability VCID-cg44-thdw-cygg
11
vulnerability VCID-enen-3w2h-g3b8
12
vulnerability VCID-fbee-vj2y-cfeb
13
vulnerability VCID-heum-8mwz-sbcw
14
vulnerability VCID-j2uz-w2ur-7ud4
15
vulnerability VCID-jma1-9ags-xbfm
16
vulnerability VCID-u15a-4ste-43cy
17
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.21
1
url pkg:pypi/django@5.1.9
purl pkg:pypi/django@5.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
2
vulnerability VCID-9udu-eqvn-mqbj
3
vulnerability VCID-ax7m-uv4s-zkc1
4
vulnerability VCID-fbee-vj2y-cfeb
5
vulnerability VCID-u15a-4ste-43cy
6
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.9
2
url pkg:pypi/django@5.2.1
purl pkg:pypi/django@5.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-5fbx-3yfb-fudx
4
vulnerability VCID-62jv-ab6d-sqdb
5
vulnerability VCID-63c7-mkxw-ufav
6
vulnerability VCID-7jbt-5zw2-vff2
7
vulnerability VCID-92bp-6kte-tyfs
8
vulnerability VCID-92z2-3rbz-77h9
9
vulnerability VCID-9udu-eqvn-mqbj
10
vulnerability VCID-ax7m-uv4s-zkc1
11
vulnerability VCID-cbsj-1qqg-1ba6
12
vulnerability VCID-cg44-thdw-cygg
13
vulnerability VCID-enen-3w2h-g3b8
14
vulnerability VCID-fbee-vj2y-cfeb
15
vulnerability VCID-g22z-jue5-8udz
16
vulnerability VCID-heum-8mwz-sbcw
17
vulnerability VCID-j2uz-w2ur-7ud4
18
vulnerability VCID-jma1-9ags-xbfm
19
vulnerability VCID-u15a-4ste-43cy
20
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.1
aliases BIT-django-2025-32873, CVE-2025-32873, GHSA-8j24-cjrq-gr2m, PYSEC-2025-37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-em3c-ceug-cubp
19
url VCID-enen-3w2h-g3b8
vulnerability_id VCID-enen-3w2h-g3b8
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01598
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
reference_id
reference_type
scores
url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
7
reference_url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
reference_id
reference_type
scores
url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://groups.google.com/g/django-announce
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
reference_id 2436342
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
reference_id CVE-2026-1312
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
13
reference_url https://github.com/advisories/GHSA-6426-9fv3-65x8
reference_id GHSA-6426-9fv3-65x8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6426-9fv3-65x8
14
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
15
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
16
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
17
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
18
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
19
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
20
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-63c7-mkxw-ufav
2
vulnerability VCID-cg44-thdw-cygg
3
vulnerability VCID-heum-8mwz-sbcw
4
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases BIT-django-2026-1312, CVE-2026-1312, GHSA-6426-9fv3-65x8, PYSEC-2026-47
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enen-3w2h-g3b8
20
url VCID-fbee-vj2y-cfeb
vulnerability_id VCID-fbee-vj2y-cfeb
summary content spoofing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48432
reference_id
reference_type
scores
0
value 0.00411
scoring_system epss
scoring_elements 0.6171
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48432
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
6
reference_url http://www.openwall.com/lists/oss-security/2025/06/04/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/06/04/5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370365
reference_id 2370365
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370365
8
reference_url https://security.archlinux.org/ASA-202506-6
reference_id ASA-202506-6
reference_type
scores
url https://security.archlinux.org/ASA-202506-6
9
reference_url https://security.archlinux.org/AVG-2894
reference_id AVG-2894
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2894
10
reference_url https://access.redhat.com/errata/RHSA-2025:14686
reference_id RHSA-2025:14686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14686
11
reference_url https://access.redhat.com/errata/RHSA-2025:16487
reference_id RHSA-2025:16487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16487
fixed_packages
0
url pkg:pypi/django@4.2.22
purl pkg:pypi/django@4.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-9udu-eqvn-mqbj
8
vulnerability VCID-ax7m-uv4s-zkc1
9
vulnerability VCID-cbsj-1qqg-1ba6
10
vulnerability VCID-cg44-thdw-cygg
11
vulnerability VCID-enen-3w2h-g3b8
12
vulnerability VCID-heum-8mwz-sbcw
13
vulnerability VCID-j2uz-w2ur-7ud4
14
vulnerability VCID-jma1-9ags-xbfm
15
vulnerability VCID-u15a-4ste-43cy
16
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22
1
url pkg:pypi/django@5.1.10
purl pkg:pypi/django@5.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
2
vulnerability VCID-9udu-eqvn-mqbj
3
vulnerability VCID-ax7m-uv4s-zkc1
4
vulnerability VCID-u15a-4ste-43cy
5
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10
2
url pkg:pypi/django@5.2.2
purl pkg:pypi/django@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-5fbx-3yfb-fudx
4
vulnerability VCID-62jv-ab6d-sqdb
5
vulnerability VCID-63c7-mkxw-ufav
6
vulnerability VCID-7jbt-5zw2-vff2
7
vulnerability VCID-92bp-6kte-tyfs
8
vulnerability VCID-92z2-3rbz-77h9
9
vulnerability VCID-9udu-eqvn-mqbj
10
vulnerability VCID-ax7m-uv4s-zkc1
11
vulnerability VCID-cbsj-1qqg-1ba6
12
vulnerability VCID-cg44-thdw-cygg
13
vulnerability VCID-enen-3w2h-g3b8
14
vulnerability VCID-g22z-jue5-8udz
15
vulnerability VCID-heum-8mwz-sbcw
16
vulnerability VCID-j2uz-w2ur-7ud4
17
vulnerability VCID-jma1-9ags-xbfm
18
vulnerability VCID-u15a-4ste-43cy
19
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2
aliases BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fbee-vj2y-cfeb
21
url VCID-heum-8mwz-sbcw
vulnerability_id VCID-heum-8mwz-sbcw
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
Add permissions on inline model instances were not validated on submission of
forged `POST` data in `GenericInlineModelAdmin`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank N05ec@LZU-DSLab for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4277
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.0645
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4277
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455939
reference_id 2455939
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455939
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases BIT-django-2026-4277, CVE-2026-4277, GHSA-pwjp-ccjc-ghwg, PYSEC-2026-52
risk_score 3.9
exploitability 0.5
weighted_severity 7.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-heum-8mwz-sbcw
22
url VCID-j2uz-w2ur-7ud4
vulnerability_id VCID-j2uz-w2ur-7ud4
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
`ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3902
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.04025
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3902
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455935
reference_id 2455935
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455935
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases BIT-django-2026-3902, CVE-2026-3902, GHSA-mvfq-ggxm-9mc5, PYSEC-2026-51
risk_score 3.0
exploitability 0.5
weighted_severity 6.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2uz-w2ur-7ud4
23
url VCID-jma1-9ags-xbfm
vulnerability_id VCID-jma1-9ags-xbfm
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
reference_id
reference_type
scores
0
value 0.05295
scoring_system epss
scoring_elements 0.90167
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
reference_id
reference_type
scores
url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
reference_id 2436338
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
reference_id CVE-2026-1207
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
12
reference_url https://github.com/advisories/GHSA-mwm9-4648-f68q
reference_id GHSA-mwm9-4648-f68q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwm9-4648-f68q
13
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
14
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
15
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
16
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
17
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
18
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
19
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-63c7-mkxw-ufav
2
vulnerability VCID-cg44-thdw-cygg
3
vulnerability VCID-heum-8mwz-sbcw
4
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-g22z-jue5-8udz
6
vulnerability VCID-heum-8mwz-sbcw
7
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases BIT-django-2026-1207, CVE-2026-1207, GHSA-mwm9-4648-f68q, PYSEC-2026-44
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jma1-9ags-xbfm
24
url VCID-jt9m-kd3k-uqca
vulnerability_id VCID-jt9m-kd3k-uqca
summary An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45230
reference_id
reference_type
scores
0
value 0.02721
scoring_system epss
scoring_elements 0.86191
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45230
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397
reference_id
reference_type
scores
url https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397
6
reference_url https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b
reference_id
reference_type
scores
url https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b
7
reference_url https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
reference_id
reference_type
scores
url https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml
9
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
10
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
11
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2314485
reference_id 2314485
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2314485
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45230
reference_id CVE-2024-45230
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-45230
14
reference_url https://github.com/advisories/GHSA-5hgc-2vfp-mqvc
reference_id GHSA-5hgc-2vfp-mqvc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hgc-2vfp-mqvc
15
reference_url https://access.redhat.com/errata/RHSA-2024:8534
reference_id RHSA-2024:8534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8534
fixed_packages
0
url pkg:pypi/django@4.2.16
purl pkg:pypi/django@4.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-32d1-b8f2-hud5
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-4vry-9jdm-nyg9
4
vulnerability VCID-5fbx-3yfb-fudx
5
vulnerability VCID-62jv-ab6d-sqdb
6
vulnerability VCID-63c7-mkxw-ufav
7
vulnerability VCID-7jbt-5zw2-vff2
8
vulnerability VCID-92bp-6kte-tyfs
9
vulnerability VCID-9udu-eqvn-mqbj
10
vulnerability VCID-ax7m-uv4s-zkc1
11
vulnerability VCID-cbsj-1qqg-1ba6
12
vulnerability VCID-cg44-thdw-cygg
13
vulnerability VCID-chey-b3c1-pbe5
14
vulnerability VCID-em3c-ceug-cubp
15
vulnerability VCID-enen-3w2h-g3b8
16
vulnerability VCID-fbee-vj2y-cfeb
17
vulnerability VCID-heum-8mwz-sbcw
18
vulnerability VCID-j2uz-w2ur-7ud4
19
vulnerability VCID-jma1-9ags-xbfm
20
vulnerability VCID-nyc2-p1rp-xkb4
21
vulnerability VCID-u15a-4ste-43cy
22
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16
1
url pkg:pypi/django@5.0.9
purl pkg:pypi/django@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-4vry-9jdm-nyg9
2
vulnerability VCID-a3e2-se1v-2yb5
3
vulnerability VCID-chey-b3c1-pbe5
4
vulnerability VCID-nyc2-p1rp-xkb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9
2
url pkg:pypi/django@5.1.1
purl pkg:pypi/django@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-4vry-9jdm-nyg9
3
vulnerability VCID-7jbt-5zw2-vff2
4
vulnerability VCID-9udu-eqvn-mqbj
5
vulnerability VCID-a3e2-se1v-2yb5
6
vulnerability VCID-ax7m-uv4s-zkc1
7
vulnerability VCID-chey-b3c1-pbe5
8
vulnerability VCID-em3c-ceug-cubp
9
vulnerability VCID-fbee-vj2y-cfeb
10
vulnerability VCID-nyc2-p1rp-xkb4
11
vulnerability VCID-u15a-4ste-43cy
12
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1
aliases BIT-django-2024-45230, CVE-2024-45230, GHSA-5hgc-2vfp-mqvc, PYSEC-2024-102
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jt9m-kd3k-uqca
25
url VCID-kv5d-p5n4-r7dp
vulnerability_id VCID-kv5d-p5n4-r7dp
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39614
reference_id
reference_type
scores
0
value 0.06838
scoring_system epss
scoring_elements 0.91486
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39614
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
reference_id
reference_type
scores
url https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
6
reference_url https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49
reference_id
reference_type
scores
url https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240808-0005
10
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
11
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295938
reference_id 2295938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295938
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39614
reference_id CVE-2024-39614
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-39614
14
reference_url https://github.com/advisories/GHSA-f6f8-9mx6-9mx2
reference_id GHSA-f6f8-9mx6-9mx2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f6f8-9mx6-9mx2
15
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
16
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
17
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
18
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
19
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
20
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-32d1-b8f2-hud5
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-4vry-9jdm-nyg9
4
vulnerability VCID-5fbx-3yfb-fudx
5
vulnerability VCID-62jv-ab6d-sqdb
6
vulnerability VCID-63c7-mkxw-ufav
7
vulnerability VCID-68nb-696n-n3bf
8
vulnerability VCID-7jbt-5zw2-vff2
9
vulnerability VCID-92bp-6kte-tyfs
10
vulnerability VCID-9udu-eqvn-mqbj
11
vulnerability VCID-ax7m-uv4s-zkc1
12
vulnerability VCID-bq5s-uknu-z7cn
13
vulnerability VCID-cbsj-1qqg-1ba6
14
vulnerability VCID-cg44-thdw-cygg
15
vulnerability VCID-chey-b3c1-pbe5
16
vulnerability VCID-em3c-ceug-cubp
17
vulnerability VCID-enen-3w2h-g3b8
18
vulnerability VCID-fbee-vj2y-cfeb
19
vulnerability VCID-heum-8mwz-sbcw
20
vulnerability VCID-j2uz-w2ur-7ud4
21
vulnerability VCID-jma1-9ags-xbfm
22
vulnerability VCID-jt9m-kd3k-uqca
23
vulnerability VCID-nyc2-p1rp-xkb4
24
vulnerability VCID-q4cv-2m7d-3qd5
25
vulnerability VCID-u15a-4ste-43cy
26
vulnerability VCID-vm2w-caad-nyd3
27
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-4vry-9jdm-nyg9
2
vulnerability VCID-68nb-696n-n3bf
3
vulnerability VCID-a3e2-se1v-2yb5
4
vulnerability VCID-bq5s-uknu-z7cn
5
vulnerability VCID-chey-b3c1-pbe5
6
vulnerability VCID-jt9m-kd3k-uqca
7
vulnerability VCID-nyc2-p1rp-xkb4
8
vulnerability VCID-q4cv-2m7d-3qd5
9
vulnerability VCID-vm2w-caad-nyd3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases BIT-django-2024-39614, CVE-2024-39614, GHSA-f6f8-9mx6-9mx2, PYSEC-2024-59
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kv5d-p5n4-r7dp
26
url VCID-nyc2-p1rp-xkb4
vulnerability_id VCID-nyc2-p1rp-xkb4
summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26699
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52366
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26699
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
5
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
6
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
7
reference_url http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/03/06/12
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2348993
reference_id 2348993
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2348993
9
reference_url https://access.redhat.com/errata/RHSA-2025:3160
reference_id RHSA-2025:3160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3160
10
reference_url https://access.redhat.com/errata/RHSA-2025:3162
reference_id RHSA-2025:3162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3162
11
reference_url https://access.redhat.com/errata/RHSA-2025:3709
reference_id RHSA-2025:3709
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3709
12
reference_url https://access.redhat.com/errata/RHSA-2025:4553
reference_id RHSA-2025:4553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4553
13
reference_url https://access.redhat.com/errata/RHSA-2025:8609
reference_id RHSA-2025:8609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8609
fixed_packages
0
url pkg:pypi/django@4.2.20
purl pkg:pypi/django@4.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-9udu-eqvn-mqbj
8
vulnerability VCID-ax7m-uv4s-zkc1
9
vulnerability VCID-cbsj-1qqg-1ba6
10
vulnerability VCID-cg44-thdw-cygg
11
vulnerability VCID-em3c-ceug-cubp
12
vulnerability VCID-enen-3w2h-g3b8
13
vulnerability VCID-fbee-vj2y-cfeb
14
vulnerability VCID-heum-8mwz-sbcw
15
vulnerability VCID-j2uz-w2ur-7ud4
16
vulnerability VCID-jma1-9ags-xbfm
17
vulnerability VCID-u15a-4ste-43cy
18
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.20
1
url pkg:pypi/django@5.0.13
purl pkg:pypi/django@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3e2-se1v-2yb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13
2
url pkg:pypi/django@5.1.7
purl pkg:pypi/django@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
2
vulnerability VCID-9udu-eqvn-mqbj
3
vulnerability VCID-a3e2-se1v-2yb5
4
vulnerability VCID-ax7m-uv4s-zkc1
5
vulnerability VCID-em3c-ceug-cubp
6
vulnerability VCID-fbee-vj2y-cfeb
7
vulnerability VCID-u15a-4ste-43cy
8
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7
aliases BIT-django-2025-26699, CVE-2025-26699, GHSA-p3fp-8748-vqfq, PYSEC-2025-13
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nyc2-p1rp-xkb4
27
url VCID-q4cv-2m7d-3qd5
vulnerability_id VCID-q4cv-2m7d-3qd5
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41990
reference_id
reference_type
scores
0
value 0.01326
scoring_system epss
scoring_elements 0.80233
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41990
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93
reference_id
reference_type
scores
url https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93
6
reference_url https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
reference_id
reference_type
scores
url https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240905-0007
10
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
11
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302434
reference_id 2302434
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302434
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41990
reference_id CVE-2024-41990
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-41990
14
reference_url https://github.com/advisories/GHSA-795c-9xpc-xw6g
reference_id GHSA-795c-9xpc-xw6g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-795c-9xpc-xw6g
15
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
16
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
17
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-32d1-b8f2-hud5
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-4vry-9jdm-nyg9
4
vulnerability VCID-5fbx-3yfb-fudx
5
vulnerability VCID-62jv-ab6d-sqdb
6
vulnerability VCID-63c7-mkxw-ufav
7
vulnerability VCID-7jbt-5zw2-vff2
8
vulnerability VCID-92bp-6kte-tyfs
9
vulnerability VCID-9udu-eqvn-mqbj
10
vulnerability VCID-ax7m-uv4s-zkc1
11
vulnerability VCID-cbsj-1qqg-1ba6
12
vulnerability VCID-cg44-thdw-cygg
13
vulnerability VCID-chey-b3c1-pbe5
14
vulnerability VCID-em3c-ceug-cubp
15
vulnerability VCID-enen-3w2h-g3b8
16
vulnerability VCID-fbee-vj2y-cfeb
17
vulnerability VCID-heum-8mwz-sbcw
18
vulnerability VCID-j2uz-w2ur-7ud4
19
vulnerability VCID-jma1-9ags-xbfm
20
vulnerability VCID-jt9m-kd3k-uqca
21
vulnerability VCID-nyc2-p1rp-xkb4
22
vulnerability VCID-u15a-4ste-43cy
23
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-4vry-9jdm-nyg9
2
vulnerability VCID-a3e2-se1v-2yb5
3
vulnerability VCID-chey-b3c1-pbe5
4
vulnerability VCID-jt9m-kd3k-uqca
5
vulnerability VCID-nyc2-p1rp-xkb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases BIT-django-2024-41990, CVE-2024-41990, GHSA-795c-9xpc-xw6g, PYSEC-2024-68
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4cv-2m7d-3qd5
28
url VCID-sz4x-rr8f-a3hf
vulnerability_id VCID-sz4x-rr8f-a3hf
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39329
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37368
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39329
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b
reference_id
reference_type
scores
url https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b
6
reference_url https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
reference_id
reference_type
scores
url https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240808-0005
10
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
11
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295936
reference_id 2295936
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295936
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39329
reference_id CVE-2024-39329
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-39329
14
reference_url https://github.com/advisories/GHSA-x7q2-wr7g-xqmf
reference_id GHSA-x7q2-wr7g-xqmf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7q2-wr7g-xqmf
15
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
16
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
17
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
18
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
19
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-32d1-b8f2-hud5
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-4vry-9jdm-nyg9
4
vulnerability VCID-5fbx-3yfb-fudx
5
vulnerability VCID-62jv-ab6d-sqdb
6
vulnerability VCID-63c7-mkxw-ufav
7
vulnerability VCID-68nb-696n-n3bf
8
vulnerability VCID-7jbt-5zw2-vff2
9
vulnerability VCID-92bp-6kte-tyfs
10
vulnerability VCID-9udu-eqvn-mqbj
11
vulnerability VCID-ax7m-uv4s-zkc1
12
vulnerability VCID-bq5s-uknu-z7cn
13
vulnerability VCID-cbsj-1qqg-1ba6
14
vulnerability VCID-cg44-thdw-cygg
15
vulnerability VCID-chey-b3c1-pbe5
16
vulnerability VCID-em3c-ceug-cubp
17
vulnerability VCID-enen-3w2h-g3b8
18
vulnerability VCID-fbee-vj2y-cfeb
19
vulnerability VCID-heum-8mwz-sbcw
20
vulnerability VCID-j2uz-w2ur-7ud4
21
vulnerability VCID-jma1-9ags-xbfm
22
vulnerability VCID-jt9m-kd3k-uqca
23
vulnerability VCID-nyc2-p1rp-xkb4
24
vulnerability VCID-q4cv-2m7d-3qd5
25
vulnerability VCID-u15a-4ste-43cy
26
vulnerability VCID-vm2w-caad-nyd3
27
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-4vry-9jdm-nyg9
2
vulnerability VCID-68nb-696n-n3bf
3
vulnerability VCID-a3e2-se1v-2yb5
4
vulnerability VCID-bq5s-uknu-z7cn
5
vulnerability VCID-chey-b3c1-pbe5
6
vulnerability VCID-jt9m-kd3k-uqca
7
vulnerability VCID-nyc2-p1rp-xkb4
8
vulnerability VCID-q4cv-2m7d-3qd5
9
vulnerability VCID-vm2w-caad-nyd3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases BIT-django-2024-39329, CVE-2024-39329, GHSA-x7q2-wr7g-xqmf, PYSEC-2024-57
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz4x-rr8f-a3hf
29
url VCID-u15a-4ste-43cy
vulnerability_id VCID-u15a-4ste-43cy
summary 
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64459
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.49195
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64459
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
reference_id
reference_type
scores
url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
6
reference_url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
reference_id
reference_type
scores
url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
7
reference_url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
reference_id
reference_type
scores
url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
8
reference_url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
reference_id
reference_type
scores
url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
9
reference_url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
reference_id
reference_type
scores
url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
10
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://groups.google.com/g/django-announce
11
reference_url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
12
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
13
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
reference_id 2412651
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
15
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
reference_id CVE-2025-64459
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
reference_id CVE-2025-64459
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
17
reference_url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
reference_id GHSA-frmv-pr5f-9mcr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
18
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
19
reference_url https://access.redhat.com/errata/RHSA-2025:23070
reference_id RHSA-2025:23070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23070
20
reference_url https://access.redhat.com/errata/RHSA-2025:23130
reference_id RHSA-2025:23130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23130
21
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
22
reference_url https://access.redhat.com/errata/RHSA-2025:23133
reference_id RHSA-2025:23133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23133
23
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
24
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
fixed_packages
0
url pkg:pypi/django@4.2.26
purl pkg:pypi/django@4.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-cbsj-1qqg-1ba6
8
vulnerability VCID-cg44-thdw-cygg
9
vulnerability VCID-enen-3w2h-g3b8
10
vulnerability VCID-heum-8mwz-sbcw
11
vulnerability VCID-j2uz-w2ur-7ud4
12
vulnerability VCID-jma1-9ags-xbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26
1
url pkg:pypi/django@5.1.14
purl pkg:pypi/django@5.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14
2
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-5fbx-3yfb-fudx
4
vulnerability VCID-62jv-ab6d-sqdb
5
vulnerability VCID-63c7-mkxw-ufav
6
vulnerability VCID-7jbt-5zw2-vff2
7
vulnerability VCID-92bp-6kte-tyfs
8
vulnerability VCID-92z2-3rbz-77h9
9
vulnerability VCID-cbsj-1qqg-1ba6
10
vulnerability VCID-cg44-thdw-cygg
11
vulnerability VCID-enen-3w2h-g3b8
12
vulnerability VCID-g22z-jue5-8udz
13
vulnerability VCID-heum-8mwz-sbcw
14
vulnerability VCID-j2uz-w2ur-7ud4
15
vulnerability VCID-jma1-9ags-xbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
aliases BIT-django-2025-64459, CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u15a-4ste-43cy
30
url VCID-vm2w-caad-nyd3
vulnerability_id VCID-vm2w-caad-nyd3
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41989
reference_id
reference_type
scores
0
value 0.01386
scoring_system epss
scoring_elements 0.8064
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41989
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
reference_id
reference_type
scores
url https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
6
reference_url https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
reference_id
reference_type
scores
url https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240905-0007
10
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
11
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302433
reference_id 2302433
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302433
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41989
reference_id CVE-2024-41989
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-41989
14
reference_url https://github.com/advisories/GHSA-jh75-99hh-qvx9
reference_id GHSA-jh75-99hh-qvx9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh75-99hh-qvx9
15
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
16
reference_url https://access.redhat.com/errata/RHSA-2024:8534
reference_id RHSA-2024:8534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8534
17
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
18
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-32d1-b8f2-hud5
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-4vry-9jdm-nyg9
4
vulnerability VCID-5fbx-3yfb-fudx
5
vulnerability VCID-62jv-ab6d-sqdb
6
vulnerability VCID-63c7-mkxw-ufav
7
vulnerability VCID-7jbt-5zw2-vff2
8
vulnerability VCID-92bp-6kte-tyfs
9
vulnerability VCID-9udu-eqvn-mqbj
10
vulnerability VCID-ax7m-uv4s-zkc1
11
vulnerability VCID-cbsj-1qqg-1ba6
12
vulnerability VCID-cg44-thdw-cygg
13
vulnerability VCID-chey-b3c1-pbe5
14
vulnerability VCID-em3c-ceug-cubp
15
vulnerability VCID-enen-3w2h-g3b8
16
vulnerability VCID-fbee-vj2y-cfeb
17
vulnerability VCID-heum-8mwz-sbcw
18
vulnerability VCID-j2uz-w2ur-7ud4
19
vulnerability VCID-jma1-9ags-xbfm
20
vulnerability VCID-jt9m-kd3k-uqca
21
vulnerability VCID-nyc2-p1rp-xkb4
22
vulnerability VCID-u15a-4ste-43cy
23
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1umb-2rxg-bbdk
1
vulnerability VCID-4vry-9jdm-nyg9
2
vulnerability VCID-a3e2-se1v-2yb5
3
vulnerability VCID-chey-b3c1-pbe5
4
vulnerability VCID-jt9m-kd3k-uqca
5
vulnerability VCID-nyc2-p1rp-xkb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases BIT-django-2024-41989, CVE-2024-41989, GHSA-jh75-99hh-qvx9, PYSEC-2024-67
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vm2w-caad-nyd3
31
url VCID-vpgq-jhzc-j7h2
vulnerability_id VCID-vpgq-jhzc-j7h2
summary An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59681
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02764
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59681
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
reference_id
reference_type
scores
url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
7
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
9
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
10
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
11
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2025/10/01/3
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2400449
reference_id 2400449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2400449
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
reference_id CVE-2025-59681
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
14
reference_url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
reference_id GHSA-hpr9-3m2g-3j9p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
15
reference_url https://access.redhat.com/errata/RHSA-2025:18984
reference_id RHSA-2025:18984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18984
16
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
fixed_packages
0
url pkg:pypi/django@4.2.25
purl pkg:pypi/django@4.2.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3d6k-rdsh-k7hm
2
vulnerability VCID-5fbx-3yfb-fudx
3
vulnerability VCID-62jv-ab6d-sqdb
4
vulnerability VCID-63c7-mkxw-ufav
5
vulnerability VCID-7jbt-5zw2-vff2
6
vulnerability VCID-92bp-6kte-tyfs
7
vulnerability VCID-9udu-eqvn-mqbj
8
vulnerability VCID-cbsj-1qqg-1ba6
9
vulnerability VCID-cg44-thdw-cygg
10
vulnerability VCID-enen-3w2h-g3b8
11
vulnerability VCID-heum-8mwz-sbcw
12
vulnerability VCID-j2uz-w2ur-7ud4
13
vulnerability VCID-jma1-9ags-xbfm
14
vulnerability VCID-u15a-4ste-43cy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.25
1
url pkg:pypi/django@5.1.13
purl pkg:pypi/django@5.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3d6k-rdsh-k7hm
1
vulnerability VCID-7jbt-5zw2-vff2
2
vulnerability VCID-9udu-eqvn-mqbj
3
vulnerability VCID-u15a-4ste-43cy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.13
2
url pkg:pypi/django@5.2.7
purl pkg:pypi/django@5.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-3d6k-rdsh-k7hm
3
vulnerability VCID-5fbx-3yfb-fudx
4
vulnerability VCID-62jv-ab6d-sqdb
5
vulnerability VCID-63c7-mkxw-ufav
6
vulnerability VCID-7jbt-5zw2-vff2
7
vulnerability VCID-92bp-6kte-tyfs
8
vulnerability VCID-92z2-3rbz-77h9
9
vulnerability VCID-9udu-eqvn-mqbj
10
vulnerability VCID-cbsj-1qqg-1ba6
11
vulnerability VCID-cg44-thdw-cygg
12
vulnerability VCID-enen-3w2h-g3b8
13
vulnerability VCID-g22z-jue5-8udz
14
vulnerability VCID-heum-8mwz-sbcw
15
vulnerability VCID-j2uz-w2ur-7ud4
16
vulnerability VCID-jma1-9ags-xbfm
17
vulnerability VCID-u15a-4ste-43cy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.7
aliases BIT-django-2025-59681, CVE-2025-59681, GHSA-hpr9-3m2g-3j9p, PYSEC-2025-106
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpgq-jhzc-j7h2
Fixing_vulnerabilities
0
url VCID-bjn5-qpmt-qffx
vulnerability_id VCID-bjn5-qpmt-qffx
summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27351
reference_id
reference_type
scores
0
value 0.02611
scoring_system epss
scoring_elements 0.85903
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27351
2
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
3
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
7
reference_url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
8
reference_url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
10
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
17
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
18
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
19
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2024/03/04/1
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266045
reference_id 2266045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266045
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id CVE-2024-27351
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
22
reference_url https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id GHSA-vm8q-m57g-pff3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vm8q-m57g-pff3
23
reference_url https://access.redhat.com/errata/RHSA-2024:1640
reference_id RHSA-2024:1640
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1640
24
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
25
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
26
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
27
reference_url https://access.redhat.com/errata/RHSA-2025:4187
reference_id RHSA-2025:4187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4187
28
reference_url https://usn.ubuntu.com/6674-1/
reference_id USN-6674-1
reference_type
scores
url https://usn.ubuntu.com/6674-1/
29
reference_url https://usn.ubuntu.com/6674-2/
reference_id USN-6674-2
reference_type
scores
url https://usn.ubuntu.com/6674-2/
fixed_packages
0
url pkg:pypi/django@3.2.25
purl pkg:pypi/django@3.2.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.25
1
url pkg:pypi/django@4.2.11
purl pkg:pypi/django@4.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-92bp-6kte-tyfs
11
vulnerability VCID-9udu-eqvn-mqbj
12
vulnerability VCID-ape9-66ck-nfez
13
vulnerability VCID-ax7m-uv4s-zkc1
14
vulnerability VCID-bq5s-uknu-z7cn
15
vulnerability VCID-cbsj-1qqg-1ba6
16
vulnerability VCID-cg44-thdw-cygg
17
vulnerability VCID-chey-b3c1-pbe5
18
vulnerability VCID-em3c-ceug-cubp
19
vulnerability VCID-enen-3w2h-g3b8
20
vulnerability VCID-fbee-vj2y-cfeb
21
vulnerability VCID-heum-8mwz-sbcw
22
vulnerability VCID-j2uz-w2ur-7ud4
23
vulnerability VCID-jma1-9ags-xbfm
24
vulnerability VCID-jt9m-kd3k-uqca
25
vulnerability VCID-kv5d-p5n4-r7dp
26
vulnerability VCID-nyc2-p1rp-xkb4
27
vulnerability VCID-q4cv-2m7d-3qd5
28
vulnerability VCID-sz4x-rr8f-a3hf
29
vulnerability VCID-u15a-4ste-43cy
30
vulnerability VCID-vm2w-caad-nyd3
31
vulnerability VCID-vpgq-jhzc-j7h2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11
2
url pkg:pypi/django@5.0.3
purl pkg:pypi/django@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-4vry-9jdm-nyg9
3
vulnerability VCID-68nb-696n-n3bf
4
vulnerability VCID-a3e2-se1v-2yb5
5
vulnerability VCID-ape9-66ck-nfez
6
vulnerability VCID-bq5s-uknu-z7cn
7
vulnerability VCID-chey-b3c1-pbe5
8
vulnerability VCID-jt9m-kd3k-uqca
9
vulnerability VCID-kv5d-p5n4-r7dp
10
vulnerability VCID-nyc2-p1rp-xkb4
11
vulnerability VCID-q4cv-2m7d-3qd5
12
vulnerability VCID-sz4x-rr8f-a3hf
13
vulnerability VCID-vm2w-caad-nyd3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3
aliases BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjn5-qpmt-qffx
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11