Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@5.0.3

Type pypi

Namespace

Name django

Version 5.0.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.0.14

Latest_non_vulnerable_version 6.0.5

Affected_by_vulnerabilities

url VCID-1c7j-evpp-53eb

vulnerability_id VCID-1c7j-evpp-53eb

summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39330

reference_id

reference_type

scores

value	0.00186
scoring_system	epss
scoring_elements	0.4022
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39330

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e

reference_url	https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240808-0005

reference_url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-39330
reference_id	CVE-2024-39330
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-39330

reference_url

https://github.com/advisories/GHSA-9jmf-237g-qf46

reference_id

GHSA-9jmf-237g-qf46

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9jmf-237g-qf46

fixed_packages

url pkg:pypi/django@5.0.7

purl pkg:pypi/django@5.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-vm2w-caad-nyd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7

aliases BIT-django-2024-39330, CVE-2024-39330, GHSA-9jmf-237g-qf46, PYSEC-2024-58

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1c7j-evpp-53eb

url VCID-1umb-2rxg-bbdk

vulnerability_id VCID-1umb-2rxg-bbdk

summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53907

reference_id

reference_type

scores

value	0.01038
scoring_system	epss
scoring_elements	0.77711
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53907

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html

reference_url	https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2024/12/04/3

fixed_packages

url pkg:pypi/django@5.0.10

purl pkg:pypi/django@5.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-nyc2-p1rp-xkb4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10

url pkg:pypi/django@5.1.4

purl pkg:pypi/django@5.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vpgq-jhzc-j7h2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4

aliases BIT-django-2024-53907, CVE-2024-53907, GHSA-8498-2h75-472j, PYSEC-2024-156

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1umb-2rxg-bbdk

url VCID-4vry-9jdm-nyg9

vulnerability_id VCID-4vry-9jdm-nyg9

summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53908

reference_id

reference_type

scores

value	0.00931
scoring_system	epss
scoring_elements	0.76454
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53908

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce

reference_url	https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2024/12/04/3

fixed_packages

url pkg:pypi/django@5.0.10

purl pkg:pypi/django@5.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-nyc2-p1rp-xkb4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10

url pkg:pypi/django@5.1.4

purl pkg:pypi/django@5.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vpgq-jhzc-j7h2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4

aliases BIT-django-2024-53908, CVE-2024-53908, GHSA-m9g8-fxxm-xg86, PYSEC-2024-157

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4vry-9jdm-nyg9

url VCID-68nb-696n-n3bf

vulnerability_id VCID-68nb-696n-n3bf

summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-41991

reference_id

reference_type

scores

value	0.0091
scoring_system	epss
scoring_elements	0.7616
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-41991

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
reference_id
reference_type
scores
url	https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927

reference_url	https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
reference_id
reference_type
scores
url	https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240905-0007

reference_url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-41991
reference_id	CVE-2024-41991
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-41991

reference_url

https://github.com/advisories/GHSA-r836-hh6v-rg5g

reference_id

GHSA-r836-hh6v-rg5g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r836-hh6v-rg5g

fixed_packages

url pkg:pypi/django@5.0.8

purl pkg:pypi/django@5.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-nyc2-p1rp-xkb4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8

aliases BIT-django-2024-41991, CVE-2024-41991, GHSA-r836-hh6v-rg5g, PYSEC-2024-69

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68nb-696n-n3bf

url VCID-a3e2-se1v-2yb5

vulnerability_id VCID-a3e2-se1v-2yb5

summary An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27556

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01482
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27556

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce

reference_url	https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2025/apr/02/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2025/04/02/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2025/04/02/2

fixed_packages

url	pkg:pypi/django@5.0.14
purl	pkg:pypi/django@5.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14

url pkg:pypi/django@5.1.8

purl pkg:pypi/django@5.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vpgq-jhzc-j7h2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8

aliases BIT-django-2025-27556, CVE-2025-27556, GHSA-wqfg-m96j-85vm, PYSEC-2025-14

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3e2-se1v-2yb5

url VCID-ape9-66ck-nfez

vulnerability_id VCID-ape9-66ck-nfez

summary An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38875

reference_id

reference_type

scores

value	0.0033
scoring_system	epss
scoring_elements	0.56182
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38875

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/django/django/commit/7285644640f085f41d60ab0c8ae4e9153f0485db
reference_id
reference_type
scores
url	https://github.com/django/django/commit/7285644640f085f41d60ab0c8ae4e9153f0485db

reference_url	https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5
reference_id
reference_type
scores
url	https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-56.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-56.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240808-0005

reference_url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-38875
reference_id	CVE-2024-38875
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-38875

reference_url

https://github.com/advisories/GHSA-qg2p-9jwr-mmqf

reference_id

GHSA-qg2p-9jwr-mmqf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qg2p-9jwr-mmqf

fixed_packages

url pkg:pypi/django@5.0.7

purl pkg:pypi/django@5.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-vm2w-caad-nyd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7

aliases BIT-django-2024-38875, CVE-2024-38875, GHSA-qg2p-9jwr-mmqf, PYSEC-2024-56

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ape9-66ck-nfez

url VCID-bq5s-uknu-z7cn

vulnerability_id VCID-bq5s-uknu-z7cn

summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-42005

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.56049
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-42005

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d

reference_url	https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28
reference_id
reference_type
scores
url	https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240905-0007

reference_url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-42005
reference_id	CVE-2024-42005
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-42005

reference_url

https://github.com/advisories/GHSA-pv4p-cwwg-4rph

reference_id

GHSA-pv4p-cwwg-4rph

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pv4p-cwwg-4rph

fixed_packages

url pkg:pypi/django@5.0.8

purl pkg:pypi/django@5.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-nyc2-p1rp-xkb4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8

aliases BIT-django-2024-42005, CVE-2024-42005, GHSA-pv4p-cwwg-4rph, PYSEC-2024-70

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq5s-uknu-z7cn

url VCID-chey-b3c1-pbe5

vulnerability_id VCID-chey-b3c1-pbe5

summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-56374

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24578
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-56374

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce

reference_url	https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2025/jan/14/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2025/01/14/2

fixed_packages

url pkg:pypi/django@5.0.11

purl pkg:pypi/django@5.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-nyc2-p1rp-xkb4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11

url pkg:pypi/django@5.1.5

purl pkg:pypi/django@5.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vpgq-jhzc-j7h2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5

aliases BIT-django-2024-56374, CVE-2024-56374, GHSA-qcgg-j2x8-h9g8, PYSEC-2025-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chey-b3c1-pbe5

url VCID-jt9m-kd3k-uqca

vulnerability_id VCID-jt9m-kd3k-uqca

summary An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45230

reference_id

reference_type

scores

value	0.02721
scoring_system	epss
scoring_elements	0.86191
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45230

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397
reference_id
reference_type
scores
url	https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397

reference_url	https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b
reference_id
reference_type
scores
url	https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b

reference_url	https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://www.djangoproject.com/weblog/2024/sep/03/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/sep/03/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/sep/03/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-45230
reference_id	CVE-2024-45230
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-45230

reference_url

https://github.com/advisories/GHSA-5hgc-2vfp-mqvc

reference_id

GHSA-5hgc-2vfp-mqvc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5hgc-2vfp-mqvc

fixed_packages

url pkg:pypi/django@5.0.9

purl pkg:pypi/django@5.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-nyc2-p1rp-xkb4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9

url pkg:pypi/django@5.1.1

purl pkg:pypi/django@5.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vpgq-jhzc-j7h2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1

aliases BIT-django-2024-45230, CVE-2024-45230, GHSA-5hgc-2vfp-mqvc, PYSEC-2024-102

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jt9m-kd3k-uqca

url VCID-kv5d-p5n4-r7dp

vulnerability_id VCID-kv5d-p5n4-r7dp

summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39614

reference_id

reference_type

scores

value	0.06838
scoring_system	epss
scoring_elements	0.91486
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39614

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
reference_id
reference_type
scores
url	https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3

reference_url	https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49
reference_id
reference_type
scores
url	https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240808-0005

reference_url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-39614
reference_id	CVE-2024-39614
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-39614

reference_url

https://github.com/advisories/GHSA-f6f8-9mx6-9mx2

reference_id

GHSA-f6f8-9mx6-9mx2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f6f8-9mx6-9mx2

fixed_packages

url pkg:pypi/django@5.0.7

purl pkg:pypi/django@5.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-vm2w-caad-nyd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7

aliases BIT-django-2024-39614, CVE-2024-39614, GHSA-f6f8-9mx6-9mx2, PYSEC-2024-59

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kv5d-p5n4-r7dp

url VCID-nyc2-p1rp-xkb4

vulnerability_id VCID-nyc2-p1rp-xkb4

summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-26699

reference_id

reference_type

scores

value	0.00287
scoring_system	epss
scoring_elements	0.52366
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-26699

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html

reference_url	https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2025/mar/06/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2025/03/06/12

fixed_packages

url pkg:pypi/django@5.0.13

purl pkg:pypi/django@5.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3e2-se1v-2yb5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13

url pkg:pypi/django@5.1.7

purl pkg:pypi/django@5.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vpgq-jhzc-j7h2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7

aliases BIT-django-2025-26699, CVE-2025-26699, GHSA-p3fp-8748-vqfq, PYSEC-2025-13

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nyc2-p1rp-xkb4

url VCID-q4cv-2m7d-3qd5

vulnerability_id VCID-q4cv-2m7d-3qd5

summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-41990

reference_id

reference_type

scores

value	0.01326
scoring_system	epss
scoring_elements	0.80233
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-41990

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93
reference_id
reference_type
scores
url	https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93

reference_url	https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240905-0007

reference_url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-41990
reference_id	CVE-2024-41990
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-41990

reference_url

https://github.com/advisories/GHSA-795c-9xpc-xw6g

reference_id

GHSA-795c-9xpc-xw6g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-795c-9xpc-xw6g

fixed_packages

url pkg:pypi/django@5.0.8

purl pkg:pypi/django@5.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-nyc2-p1rp-xkb4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8

aliases BIT-django-2024-41990, CVE-2024-41990, GHSA-795c-9xpc-xw6g, PYSEC-2024-68

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4cv-2m7d-3qd5

url VCID-sz4x-rr8f-a3hf

vulnerability_id VCID-sz4x-rr8f-a3hf

summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39329

reference_id

reference_type

scores

value	0.00166
scoring_system	epss
scoring_elements	0.37368
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39329

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b
reference_id
reference_type
scores
url	https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b

reference_url	https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
reference_id
reference_type
scores
url	https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240808-0005

reference_url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/jul/09/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-39329
reference_id	CVE-2024-39329
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-39329

reference_url

https://github.com/advisories/GHSA-x7q2-wr7g-xqmf

reference_id

GHSA-x7q2-wr7g-xqmf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x7q2-wr7g-xqmf

fixed_packages

url pkg:pypi/django@5.0.7

purl pkg:pypi/django@5.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-vm2w-caad-nyd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7

aliases BIT-django-2024-39329, CVE-2024-39329, GHSA-x7q2-wr7g-xqmf, PYSEC-2024-57

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz4x-rr8f-a3hf

url VCID-vm2w-caad-nyd3

vulnerability_id VCID-vm2w-caad-nyd3

summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-41989

reference_id

reference_type

scores

value	0.01386
scoring_system	epss
scoring_elements	0.8064
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-41989

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
reference_id
reference_type
scores
url	https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8

reference_url	https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
reference_id
reference_type
scores
url	https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240905-0007

reference_url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/aug/06/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-41989
reference_id	CVE-2024-41989
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-41989

reference_url

https://github.com/advisories/GHSA-jh75-99hh-qvx9

reference_id

GHSA-jh75-99hh-qvx9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jh75-99hh-qvx9

fixed_packages

url pkg:pypi/django@5.0.8

purl pkg:pypi/django@5.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-nyc2-p1rp-xkb4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8

aliases BIT-django-2024-41989, CVE-2024-41989, GHSA-jh75-99hh-qvx9, PYSEC-2024-67

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vm2w-caad-nyd3

Fixing_vulnerabilities

url VCID-bjn5-qpmt-qffx

vulnerability_id VCID-bjn5-qpmt-qffx

summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27351

reference_id

reference_type

scores

value	0.02611
scoring_system	epss
scoring_elements	0.85903
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27351

reference_url	https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security

reference_url	https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
url	https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521

reference_url	https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
url	https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e

reference_url	https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2024/03/04/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id	CVE-2024-27351
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-27351

reference_url

https://github.com/advisories/GHSA-vm8q-m57g-pff3

reference_id

GHSA-vm8q-m57g-pff3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vm8q-m57g-pff3

fixed_packages

url	pkg:pypi/django@3.2.25
purl	pkg:pypi/django@3.2.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.25

url pkg:pypi/django@4.2.11

purl pkg:pypi/django@4.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3d6k-rdsh-k7hm

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-5fbx-3yfb-fudx

vulnerability	VCID-62jv-ab6d-sqdb

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-7jbt-5zw2-vff2

vulnerability	VCID-92bp-6kte-tyfs

vulnerability	VCID-9udu-eqvn-mqbj

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-ax7m-uv4s-zkc1

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-cbsj-1qqg-1ba6

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-em3c-ceug-cubp

vulnerability	VCID-enen-3w2h-g3b8

vulnerability	VCID-fbee-vj2y-cfeb

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jma1-9ags-xbfm

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-u15a-4ste-43cy

vulnerability	VCID-vm2w-caad-nyd3

vulnerability	VCID-vpgq-jhzc-j7h2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11

url pkg:pypi/django@5.0.3

purl pkg:pypi/django@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c7j-evpp-53eb

vulnerability	VCID-1umb-2rxg-bbdk

vulnerability	VCID-4vry-9jdm-nyg9

vulnerability	VCID-68nb-696n-n3bf

vulnerability	VCID-a3e2-se1v-2yb5

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-bq5s-uknu-z7cn

vulnerability	VCID-chey-b3c1-pbe5

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-kv5d-p5n4-r7dp

vulnerability	VCID-nyc2-p1rp-xkb4

vulnerability	VCID-q4cv-2m7d-3qd5

vulnerability	VCID-sz4x-rr8f-a3hf

vulnerability	VCID-vm2w-caad-nyd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3

aliases BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjn5-qpmt-qffx

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3

Package Instance