Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@4.2.10
Type pypi
Namespace
Name django
Version 4.2.10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.2.30
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
0
url VCID-2ft7-rbey-kuhx
vulnerability_id VCID-2ft7-rbey-kuhx
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@4.2.17
purl pkg:pypi/django@4.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-pa7y-gpwp-6qgj
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-qy1a-x3ff-4bc8
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17
1
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
2
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53908, PYSEC-2024-157
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft7-rbey-kuhx
1
url VCID-4kcg-gx5y-cuaw
vulnerability_id VCID-4kcg-gx5y-cuaw
summary
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
reference_id
reference_type
scores
url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
reference_id CVE-2026-1207
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
8
reference_url https://github.com/advisories/GHSA-mwm9-4648-f68q
reference_id GHSA-mwm9-4648-f68q
reference_type
scores
url https://github.com/advisories/GHSA-mwm9-4648-f68q
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1207, GHSA-mwm9-4648-f68q, PYSEC-2026-44
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kcg-gx5y-cuaw
2
url VCID-5xtt-au84-zbb2
vulnerability_id VCID-5xtt-au84-zbb2
summary An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
reference_id
reference_type
scores
url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
4
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
5
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
6
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
7
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
8
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2025/10/01/3
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
reference_id CVE-2025-59681
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
10
reference_url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
reference_id GHSA-hpr9-3m2g-3j9p
reference_type
scores
url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
fixed_packages
0
url pkg:pypi/django@4.2.25
purl pkg:pypi/django@4.2.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga69-9y5g-77c3
4
vulnerability VCID-ga7z-wj4j-63h1
5
vulnerability VCID-jybd-p65h-xffy
6
vulnerability VCID-kxdd-yzp3-r7cb
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
14
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.25
1
url pkg:pypi/django@5.1.13
purl pkg:pypi/django@5.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c5n-nzwk-v7bz
1
vulnerability VCID-fcg9-xypn-ykhf
2
vulnerability VCID-ga69-9y5g-77c3
3
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.13
2
url pkg:pypi/django@5.2.7
purl pkg:pypi/django@5.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-ga7z-wj4j-63h1
7
vulnerability VCID-jybd-p65h-xffy
8
vulnerability VCID-kxdd-yzp3-r7cb
9
vulnerability VCID-m4am-h2ea-3ffr
10
vulnerability VCID-phkp-9abp-f3dq
11
vulnerability VCID-r1vx-vv7d-gqaj
12
vulnerability VCID-shch-yusm-1uck
13
vulnerability VCID-shjc-2j68-2yfy
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-wa3g-27sx-mbcw
17
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.7
aliases CVE-2025-59681, GHSA-hpr9-3m2g-3j9p, PYSEC-2025-106
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xtt-au84-zbb2
3
url VCID-7c5n-nzwk-v7bz
vulnerability_id VCID-7c5n-nzwk-v7bz
summary
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
reference_id
reference_type
scores
url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
4
reference_url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
reference_id
reference_type
scores
url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
5
reference_url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
reference_id
reference_type
scores
url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
6
reference_url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
reference_id
reference_type
scores
url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
7
reference_url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://groups.google.com/g/django-announce
9
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
10
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
reference_id CVE-2025-13372
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
12
reference_url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
reference_id GHSA-rqw2-ghq9-44m7
reference_type
scores
url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
fixed_packages
0
url pkg:pypi/django@4.2.27
purl pkg:pypi/django@4.2.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-ga7z-wj4j-63h1
2
vulnerability VCID-jybd-p65h-xffy
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-phkp-9abp-f3dq
5
vulnerability VCID-r1vx-vv7d-gqaj
6
vulnerability VCID-shch-yusm-1uck
7
vulnerability VCID-shjc-2j68-2yfy
8
vulnerability VCID-tktt-vg92-6kae
9
vulnerability VCID-tuqc-c251-h7ds
10
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27
1
url pkg:pypi/django@5.1.15
purl pkg:pypi/django@5.1.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15
2
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
aliases CVE-2025-13372, GHSA-rqw2-ghq9-44m7, PYSEC-2025-104
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c5n-nzwk-v7bz
4
url VCID-9gq3-whr8-s7b8
vulnerability_id VCID-9gq3-whr8-s7b8
summary An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-e12b-tw2c-53c9
7
vulnerability VCID-fcg9-xypn-ykhf
8
vulnerability VCID-ga69-9y5g-77c3
9
vulnerability VCID-ga7z-wj4j-63h1
10
vulnerability VCID-hsjn-xnpp-5yeh
11
vulnerability VCID-jgv9-vdbm-sycd
12
vulnerability VCID-jybd-p65h-xffy
13
vulnerability VCID-kxdd-yzp3-r7cb
14
vulnerability VCID-pa7y-gpwp-6qgj
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-qy1a-x3ff-4bc8
17
vulnerability VCID-r1vx-vv7d-gqaj
18
vulnerability VCID-rqqc-ta7c-ykgx
19
vulnerability VCID-shch-yusm-1uck
20
vulnerability VCID-shjc-2j68-2yfy
21
vulnerability VCID-tktt-vg92-6kae
22
vulnerability VCID-tuqc-c251-h7ds
23
vulnerability VCID-ud73-4t2c-n3at
24
vulnerability VCID-wa3g-27sx-mbcw
25
vulnerability VCID-whgc-pt2s-77ar
26
vulnerability VCID-xcmd-18ck-gqae
27
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-38875, PYSEC-2024-56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gq3-whr8-s7b8
5
url VCID-9kvc-1bdz-n3bd
vulnerability_id VCID-9kvc-1bdz-n3bd
summary denial of service
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
23
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
24
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
25
reference_url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
26
reference_url http://www.openwall.com/lists/oss-security/2025/05/07/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/05/07/1
27
reference_url https://security.archlinux.org/ASA-202505-10
reference_id ASA-202505-10
reference_type
scores
url https://security.archlinux.org/ASA-202505-10
28
reference_url https://security.archlinux.org/AVG-2876
reference_id AVG-2876
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2876
fixed_packages
0
url pkg:pypi/django@4.2.21
purl pkg:pypi/django@4.2.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-ga7z-wj4j-63h1
7
vulnerability VCID-jybd-p65h-xffy
8
vulnerability VCID-kxdd-yzp3-r7cb
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
16
vulnerability VCID-whgc-pt2s-77ar
17
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.21
1
url pkg:pypi/django@5.1.9
purl pkg:pypi/django@5.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-bb8b-hq41-s7a6
3
vulnerability VCID-fcg9-xypn-ykhf
4
vulnerability VCID-ga69-9y5g-77c3
5
vulnerability VCID-whgc-pt2s-77ar
6
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.9
2
url pkg:pypi/django@5.2.1
purl pkg:pypi/django@5.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-jybd-p65h-xffy
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.1
aliases CVE-2025-32873, PYSEC-2025-37
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvc-1bdz-n3bd
6
url VCID-bb8b-hq41-s7a6
vulnerability_id VCID-bb8b-hq41-s7a6
summary An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/06/04/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/06/04/5
fixed_packages
0
url pkg:pypi/django@4.2.22
purl pkg:pypi/django@4.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-fcg9-xypn-ykhf
4
vulnerability VCID-ga69-9y5g-77c3
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-phkp-9abp-f3dq
9
vulnerability VCID-r1vx-vv7d-gqaj
10
vulnerability VCID-shch-yusm-1uck
11
vulnerability VCID-shjc-2j68-2yfy
12
vulnerability VCID-tktt-vg92-6kae
13
vulnerability VCID-tuqc-c251-h7ds
14
vulnerability VCID-wa3g-27sx-mbcw
15
vulnerability VCID-whgc-pt2s-77ar
16
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22
1
url pkg:pypi/django@5.1.10
purl pkg:pypi/django@5.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga69-9y5g-77c3
4
vulnerability VCID-whgc-pt2s-77ar
5
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10
2
url pkg:pypi/django@5.2.2
purl pkg:pypi/django@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2
aliases CVE-2025-48432, PYSEC-2025-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb8b-hq41-s7a6
7
url VCID-e12b-tw2c-53c9
vulnerability_id VCID-e12b-tw2c-53c9
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-jybd-p65h-xffy
11
vulnerability VCID-kxdd-yzp3-r7cb
12
vulnerability VCID-pa7y-gpwp-6qgj
13
vulnerability VCID-phkp-9abp-f3dq
14
vulnerability VCID-qy1a-x3ff-4bc8
15
vulnerability VCID-r1vx-vv7d-gqaj
16
vulnerability VCID-shch-yusm-1uck
17
vulnerability VCID-shjc-2j68-2yfy
18
vulnerability VCID-tktt-vg92-6kae
19
vulnerability VCID-tuqc-c251-h7ds
20
vulnerability VCID-ud73-4t2c-n3at
21
vulnerability VCID-wa3g-27sx-mbcw
22
vulnerability VCID-whgc-pt2s-77ar
23
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41991, PYSEC-2024-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e12b-tw2c-53c9
8
url VCID-e8j6-mybr-17fh
vulnerability_id VCID-e8j6-mybr-17fh
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-e12b-tw2c-53c9
7
vulnerability VCID-fcg9-xypn-ykhf
8
vulnerability VCID-ga69-9y5g-77c3
9
vulnerability VCID-ga7z-wj4j-63h1
10
vulnerability VCID-hsjn-xnpp-5yeh
11
vulnerability VCID-jgv9-vdbm-sycd
12
vulnerability VCID-jybd-p65h-xffy
13
vulnerability VCID-kxdd-yzp3-r7cb
14
vulnerability VCID-pa7y-gpwp-6qgj
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-qy1a-x3ff-4bc8
17
vulnerability VCID-r1vx-vv7d-gqaj
18
vulnerability VCID-rqqc-ta7c-ykgx
19
vulnerability VCID-shch-yusm-1uck
20
vulnerability VCID-shjc-2j68-2yfy
21
vulnerability VCID-tktt-vg92-6kae
22
vulnerability VCID-tuqc-c251-h7ds
23
vulnerability VCID-ud73-4t2c-n3at
24
vulnerability VCID-wa3g-27sx-mbcw
25
vulnerability VCID-whgc-pt2s-77ar
26
vulnerability VCID-xcmd-18ck-gqae
27
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39330, PYSEC-2024-58
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8j6-mybr-17fh
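Worked example for VCID-e8j6-mybr-17fh (CVE-2024-39330) above, added here; it is not part of the VulnerableCode record and not Django's Storage code or its fix. It shows the bug pattern in miniature: a custom Storage-style class whose generate_filename() override drops the parent's checks lets a `..` in the requested name resolve past the storage root, while a hardened override re-applies them. validate_file_name() is a standalone re-implementation of the check's intent (a bare name carries no path elements; a relative name is neither absolute nor contains a `..` component), written for this example. The /srv/media root and the file names are constructed inputs, and paths are handled POSIX-style so the results are deterministic.

```python
import posixpath
from pathlib import PurePosixPath


class SuspiciousFileOperation(Exception):
    """Raised when a file name could place a file outside the storage root."""


def validate_file_name(name: str, allow_relative_path: bool = False) -> str:
    """Reject names that could traverse out of the storage root.

    Standalone re-implementation of the check's intent for this example
    (not Django's code): a bare name must contain no path elements; a
    relative path must be neither absolute nor contain a '..' component.
    """
    base = posixpath.basename(name)
    if base in ("", ".", ".."):
        raise SuspiciousFileOperation(f"Could not derive file name from '{name}'")
    if allow_relative_path:
        path = PurePosixPath(name)
        if path.is_absolute() or ".." in path.parts:
            raise SuspiciousFileOperation(f"Detected path traversal attempt in '{name}'")
    elif name != base:
        raise SuspiciousFileOperation(f"File name '{name}' includes path elements")
    return name


def is_inside(root: str, path: str) -> bool:
    """True if the normalised path lies under root (defence in depth)."""
    root = posixpath.normpath(root)
    return path == root or path.startswith(root + "/")


class UnsafeStorage:
    """Custom Storage whose generate_filename() skips validation: the bug pattern."""

    def __init__(self, location: str):
        self.location = location

    def generate_filename(self, filename: str) -> str:
        # BUG: '..' components survive, and normpath resolves them past location.
        return posixpath.normpath(posixpath.join(self.location, filename))


class SafeStorage(UnsafeStorage):
    """Same override, but re-applying the checks the parent class would have done."""

    def generate_filename(self, filename: str) -> str:
        dirname, basename = posixpath.split(filename)
        validate_file_name(basename)                            # leaf: no path elements
        validate_file_name(filename, allow_relative_path=True)  # whole name: no '..', not absolute
        full = posixpath.normpath(posixpath.join(self.location, dirname, basename))
        if not is_inside(self.location, full):                  # belt and braces
            raise SuspiciousFileOperation(f"'{filename}' escapes {self.location}")
        return full


def save_outcome(storage, filename: str) -> str:
    """Report where a save() of `filename` would land, or that it was refused."""
    try:
        return storage.generate_filename(filename)
    except SuspiciousFileOperation as exc:
        return f"refused: {exc}"
```

With the root at /srv/media, UnsafeStorage turns `../../etc/cron.d/job` into `/etc/cron.d/job`, whereas SafeStorage refuses it, refuses `/etc/passwd` and `uploads/../../escape.txt`, and still accepts `uploads/2024/report.pdf`.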
9
url VCID-fcg9-xypn-ykhf
vulnerability_id VCID-fcg9-xypn-ykhf
summary
An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
reference_id
reference_type
scores
url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
4
reference_url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
reference_id
reference_type
scores
url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
5
reference_url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
reference_id
reference_type
scores
url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
6
reference_url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
reference_id
reference_type
scores
url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
9
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
reference_id CVE-2025-64460
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
11
reference_url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
reference_id GHSA-vrcr-9hj9-jcg6
reference_type
scores
url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
fixed_packages
0
url pkg:pypi/django@4.2.27
purl pkg:pypi/django@4.2.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-ga7z-wj4j-63h1
2
vulnerability VCID-jybd-p65h-xffy
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-phkp-9abp-f3dq
5
vulnerability VCID-r1vx-vv7d-gqaj
6
vulnerability VCID-shch-yusm-1uck
7
vulnerability VCID-shjc-2j68-2yfy
8
vulnerability VCID-tktt-vg92-6kae
9
vulnerability VCID-tuqc-c251-h7ds
10
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27
1
url pkg:pypi/django@5.1.15
purl pkg:pypi/django@5.1.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15
2
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
aliases CVE-2025-64460, GHSA-vrcr-9hj9-jcg6, PYSEC-2025-109
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcg9-xypn-ykhf
10
url VCID-fsaw-3ta1-x3dw
vulnerability_id VCID-fsaw-3ta1-x3dw
summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
references
0
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
1
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
4
reference_url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
5
reference_url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
7
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
13
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id CVE-2024-27351
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
15
reference_url https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id GHSA-vm8q-m57g-pff3
reference_type
scores
url https://github.com/advisories/GHSA-vm8q-m57g-pff3
fixed_packages
0
url pkg:pypi/django@4.2.11
purl pkg:pypi/django@4.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-e12b-tw2c-53c9
8
vulnerability VCID-e8j6-mybr-17fh
9
vulnerability VCID-fcg9-xypn-ykhf
10
vulnerability VCID-ga69-9y5g-77c3
11
vulnerability VCID-ga7z-wj4j-63h1
12
vulnerability VCID-hsjn-xnpp-5yeh
13
vulnerability VCID-jgv9-vdbm-sycd
14
vulnerability VCID-jybd-p65h-xffy
15
vulnerability VCID-kxdd-yzp3-r7cb
16
vulnerability VCID-pa7y-gpwp-6qgj
17
vulnerability VCID-phkp-9abp-f3dq
18
vulnerability VCID-qy1a-x3ff-4bc8
19
vulnerability VCID-r1vx-vv7d-gqaj
20
vulnerability VCID-rqqc-ta7c-ykgx
21
vulnerability VCID-s1rj-1xbw-fbg5
22
vulnerability VCID-shch-yusm-1uck
23
vulnerability VCID-shjc-2j68-2yfy
24
vulnerability VCID-tktt-vg92-6kae
25
vulnerability VCID-tuqc-c251-h7ds
26
vulnerability VCID-ud73-4t2c-n3at
27
vulnerability VCID-vgq9-s6th-yufg
28
vulnerability VCID-wa3g-27sx-mbcw
29
vulnerability VCID-whgc-pt2s-77ar
30
vulnerability VCID-xcmd-18ck-gqae
31
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11
1
url pkg:pypi/django@5.0.3
purl pkg:pypi/django@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-9gq3-whr8-s7b8
2
vulnerability VCID-e12b-tw2c-53c9
3
vulnerability VCID-e8j6-mybr-17fh
4
vulnerability VCID-hsjn-xnpp-5yeh
5
vulnerability VCID-jgv9-vdbm-sycd
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-rqqc-ta7c-ykgx
10
vulnerability VCID-s1rj-1xbw-fbg5
11
vulnerability VCID-ud73-4t2c-n3at
12
vulnerability VCID-vgq9-s6th-yufg
13
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3
aliases CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw
11
url VCID-ga69-9y5g-77c3
vulnerability_id VCID-ga69-9y5g-77c3
summary
An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
reference_id
reference_type
scores
url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
4
reference_url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
reference_id
reference_type
scores
url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
5
reference_url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
reference_id
reference_type
scores
url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
6
reference_url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
reference_id
reference_type
scores
url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
9
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
reference_id CVE-2025-64458
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
11
reference_url https://github.com/advisories/GHSA-qw25-v68c-qjf3
reference_id GHSA-qw25-v68c-qjf3
reference_type
scores
url https://github.com/advisories/GHSA-qw25-v68c-qjf3
fixed_packages
0
url pkg:pypi/django@4.2.26
purl pkg:pypi/django@4.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-phkp-9abp-f3dq
7
vulnerability VCID-r1vx-vv7d-gqaj
8
vulnerability VCID-shch-yusm-1uck
9
vulnerability VCID-shjc-2j68-2yfy
10
vulnerability VCID-tktt-vg92-6kae
11
vulnerability VCID-tuqc-c251-h7ds
12
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26
1
url pkg:pypi/django@5.1.14
purl pkg:pypi/django@5.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c5n-nzwk-v7bz
1
vulnerability VCID-fcg9-xypn-ykhf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14
2
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-m4am-h2ea-3ffr
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
aliases CVE-2025-64458, GHSA-qw25-v68c-qjf3, PYSEC-2025-107
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ga69-9y5g-77c3
12
url VCID-ga7z-wj4j-63h1
vulnerability_id VCID-ga7z-wj4j-63h1
summary
An issue was discovered in Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when reading `HttpRequest.body`, allowing remote attackers to load an unbounded request body into memory.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Superior for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-33034, PYSEC-2026-49
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ga7z-wj4j-63h1
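Worked example for VCID-ga7z-wj4j-63h1 (CVE-2026-33034) above, added here; it is not Django's patch and not part of the VulnerableCode record. It shows the bug class with a stand-in for the ASGI receive() callable: a reader that only compares the declared Content-Length with the limit accepts an unbounded body whenever the header is missing or understated, while a reader that counts bytes as they arrive rejects it no matter what the header says. The chunked bodies, the header dict (a real ASGI scope carries headers as a list of byte pairs) and the small limits passed in the usage are constructed for the example; the 2,621,440-byte default is Django's documented DATA_UPLOAD_MAX_MEMORY_SIZE.

```python
import asyncio

DATA_UPLOAD_MAX_MEMORY_SIZE = 2_621_440  # Django's documented default (2.5 MiB)


class RequestDataTooBig(Exception):
    """Raised when a request body would exceed the in-memory limit."""


def make_receive(chunks):
    """ASGI-style receive() stand-in that hands out the constructed chunks in order."""
    queue = list(chunks)

    async def receive():
        body = queue.pop(0) if queue else b""
        return {"type": "http.request", "body": body, "more_body": bool(queue)}

    return receive


async def read_body_trusting_header(headers, receive, limit=DATA_UPLOAD_MAX_MEMORY_SIZE):
    """Bug pattern: the limit is checked against the declared length only."""
    declared = int(headers.get(b"content-length", b"0") or 0)
    if declared > limit:
        raise RequestDataTooBig(f"declared {declared} bytes exceeds limit {limit}")
    chunks = []
    while True:  # a missing or understated header lets this loop grow without bound
        message = await receive()
        chunks.append(message.get("body", b""))
        if not message.get("more_body", False):
            return b"".join(chunks)


async def read_body_bounded(headers, receive, limit=DATA_UPLOAD_MAX_MEMORY_SIZE):
    """Hardened: the header is only a fast-reject hint; bytes actually read are the limit."""
    declared = headers.get(b"content-length")
    if declared is not None and int(declared) > limit:
        raise RequestDataTooBig(f"declared {int(declared)} bytes exceeds limit {limit}")
    chunks, received = [], 0
    while True:
        message = await receive()
        chunk = message.get("body", b"")
        received += len(chunk)
        if received > limit:  # enforced on what arrived, not on what was promised
            raise RequestDataTooBig(f"body exceeded limit {limit} after {received} bytes")
        chunks.append(chunk)
        if not message.get("more_body", False):
            return b"".join(chunks)


def read_sync(reader, headers, chunks, limit):
    """Drive a reader to completion; returns ('ok', size) or ('rejected', reason)."""
    try:
        body = asyncio.run(reader(headers, make_receive(chunks), limit))
    except RequestDataTooBig as exc:
        return ("rejected", str(exc))
    return ("ok", len(body))
```

With a 2,048-byte limit, five 1 KiB chunks behind a header claiming 10 bytes are accepted in full by read_body_trusting_header and rejected by read_body_bounded after the third chunk; the same holds when the header is absent. The declared-length check is kept in the hardened reader only so that honest oversized requests fail before any body is read.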
13
url VCID-hsjn-xnpp-5yeh
vulnerability_id VCID-hsjn-xnpp-5yeh
summary An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.16
purl pkg:pypi/django@4.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-jybd-p65h-xffy
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-pa7y-gpwp-6qgj
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-qy1a-x3ff-4bc8
14
vulnerability VCID-r1vx-vv7d-gqaj
15
vulnerability VCID-shch-yusm-1uck
16
vulnerability VCID-shjc-2j68-2yfy
17
vulnerability VCID-tktt-vg92-6kae
18
vulnerability VCID-tuqc-c251-h7ds
19
vulnerability VCID-ud73-4t2c-n3at
20
vulnerability VCID-wa3g-27sx-mbcw
21
vulnerability VCID-whgc-pt2s-77ar
22
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16
1
url pkg:pypi/django@5.0.9
purl pkg:pypi/django@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-pa7y-gpwp-6qgj
2
vulnerability VCID-qw15-2kq7-wqed
3
vulnerability VCID-qy1a-x3ff-4bc8
4
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9
2
url pkg:pypi/django@5.1.1
purl pkg:pypi/django@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-pa7y-gpwp-6qgj
8
vulnerability VCID-qw15-2kq7-wqed
9
vulnerability VCID-qy1a-x3ff-4bc8
10
vulnerability VCID-ud73-4t2c-n3at
11
vulnerability VCID-whgc-pt2s-77ar
12
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1
aliases CVE-2024-45230, PYSEC-2024-102
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hsjn-xnpp-5yeh
14
url VCID-jgv9-vdbm-sycd
vulnerability_id VCID-jgv9-vdbm-sycd
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-jybd-p65h-xffy
11
vulnerability VCID-kxdd-yzp3-r7cb
12
vulnerability VCID-pa7y-gpwp-6qgj
13
vulnerability VCID-phkp-9abp-f3dq
14
vulnerability VCID-qy1a-x3ff-4bc8
15
vulnerability VCID-r1vx-vv7d-gqaj
16
vulnerability VCID-shch-yusm-1uck
17
vulnerability VCID-shjc-2j68-2yfy
18
vulnerability VCID-tktt-vg92-6kae
19
vulnerability VCID-tuqc-c251-h7ds
20
vulnerability VCID-ud73-4t2c-n3at
21
vulnerability VCID-wa3g-27sx-mbcw
22
vulnerability VCID-whgc-pt2s-77ar
23
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41989, PYSEC-2024-67
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgv9-vdbm-sycd
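Worked example for VCID-jgv9-vdbm-sycd (CVE-2024-41989) above, added here; it is not Django's floatformat implementation or its fix and not part of the VulnerableCode record. It reproduces the failure mode with the standard-library Decimal type: rounding to a fixed number of decimal places has to materialise every digit left of the point, so the work is proportional to the exponent, and a string such as `1e500000000` would force hundreds of millions of digits into memory. The guarded variant bounds the work before any digit is produced by refusing inputs whose adjusted exponent exceeds MAX_EXPONENT_DIGITS (a cap chosen for this example) and returning them unformatted. The inputs in the usage are constructed.

```python
from decimal import Context, Decimal, InvalidOperation

MAX_EXPONENT_DIGITS = 200  # assumed cap for this example; wider numbers are returned unformatted


def needed_precision(value: Decimal, places: int) -> int:
    """Digits that quantize() must hold: every integer digit plus the requested decimals."""
    integer_digits = max(value.adjusted() + 1, 1)
    return integer_digits + places


def floatformat_unguarded(text: str, places: int = 2) -> str:
    """Bug pattern: precision grows with the exponent, and so do memory and CPU."""
    value = Decimal(text)
    quantum = Decimal(1).scaleb(-places)  # e.g. Decimal('0.01') for two places
    ctx = Context(prec=needed_precision(value, places))
    return str(value.quantize(quantum, context=ctx))


def floatformat_guarded(text: str, places: int = 2) -> str:
    """Hardened: check the width of the number before materialising any digit."""
    try:
        value = Decimal(text)
    except InvalidOperation:
        return text  # not a number: pass through, as a template filter would
    if not value.is_finite() or abs(value.adjusted()) > MAX_EXPONENT_DIGITS:
        return text  # NaN/Infinity or too wide to format safely: pass through unchanged
    return floatformat_unguarded(text, places)
```

The length of floatformat_unguarded's output is the direct measure of the cost: `1e5` yields 9 characters, `1e50000` yields 50,004, and the exponent in the request is the only thing an attacker needs to scale it. needed_precision() makes the same point without doing the work: for `1e500000000` it reports that 500,000,003 digits would have to be allocated.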
15
url VCID-jybd-p65h-xffy
vulnerability_id VCID-jybd-p65h-xffy
summary
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://groups.google.com/g/django-announce
4
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
reference_id CVE-2025-13473
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
7
reference_url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
reference_id GHSA-2mcm-79hx-8fxw
reference_type
scores
url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2025-13473, GHSA-2mcm-79hx-8fxw, PYSEC-2026-42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jybd-p65h-xffy
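Worked example for VCID-jybd-p65h-xffy (CVE-2025-13473) above, added here; it is not Django's check_password() for mod_wsgi or its fix and not part of the VulnerableCode record. A checker that returns early for an unknown username never runs the password hasher, so its response time tells a remote caller whether the account exists; the hardened variant hashes the supplied password against a dummy record before returning the same result, so both paths cost the same. The user store, the PBKDF2 parameters and the return convention (None for an unknown user, True/False for a known one) are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # deliberately slow, as a real password hasher is


def make_hash(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-HMAC-SHA256 record for the constructed user store."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


USERS = {"alice": make_hash("correct horse battery staple")}  # constructed sample store

# Dummy record hashed once at import so the unknown-user path can do real work.
_DUMMY_SALT, _DUMMY_DIGEST = make_hash(os.urandom(16).hex())


def check_password_leaky(username: str, password: str):
    """Bug pattern: unknown users return before any hashing (the fast path leaks existence)."""
    record = USERS.get(username)
    if record is None:
        return None
    return verify(password, *record)


def check_password_constant_work(username: str, password: str):
    """Hardened: perform the same hashing work whether or not the user exists."""
    record = USERS.get(username)
    if record is None:
        verify(password, _DUMMY_SALT, _DUMMY_DIGEST)  # result discarded on purpose
        return None
    return verify(password, *record)


def best_of(fn, *args, repeat: int = 3) -> float:
    """Fastest wall-clock time over `repeat` calls, which is what a timing attacker measures."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - start)
    return best
```

Timed with best_of(), the leaky checker answers for a non-existent user in microseconds (a dictionary lookup) but takes tens of milliseconds for "alice" (one PBKDF2 run); the hardened checker takes the PBKDF2 time in both cases, so the two usernames are no longer distinguishable by latency. The return value is unchanged in both variants; only the work done before returning differs.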
16
url VCID-kxdd-yzp3-r7cb
vulnerability_id VCID-kxdd-yzp3-r7cb
summary
An issue was discovered in Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank N05ec@LZU-DSLab for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-4277, PYSEC-2026-52
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxdd-yzp3-r7cb
17
url VCID-pa7y-gpwp-6qgj
vulnerability_id VCID-pa7y-gpwp-6qgj
summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/01/14/2
fixed_packages
0
url pkg:pypi/django@4.2.18
purl pkg:pypi/django@4.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-phkp-9abp-f3dq
11
vulnerability VCID-qy1a-x3ff-4bc8
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.18
1
url pkg:pypi/django@5.0.11
purl pkg:pypi/django@5.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
1
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11
2
url pkg:pypi/django@5.1.5
purl pkg:pypi/django@5.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-qy1a-x3ff-4bc8
8
vulnerability VCID-whgc-pt2s-77ar
9
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5
aliases CVE-2024-56374, PYSEC-2025-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj
18
url VCID-phkp-9abp-f3dq
vulnerability_id VCID-phkp-9abp-f3dq
summary
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
`ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-3902, PYSEC-2026-51
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phkp-9abp-f3dq
19
url VCID-qy1a-x3ff-4bc8
vulnerability_id VCID-qy1a-x3ff-4bc8
summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
3
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
4
reference_url http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/03/06/12
fixed_packages
0
url pkg:pypi/django@4.2.20
purl pkg:pypi/django@4.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-phkp-9abp-f3dq
11
vulnerability VCID-r1vx-vv7d-gqaj
12
vulnerability VCID-shch-yusm-1uck
13
vulnerability VCID-shjc-2j68-2yfy
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-wa3g-27sx-mbcw
17
vulnerability VCID-whgc-pt2s-77ar
18
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.20
1
url pkg:pypi/django@5.0.13
purl pkg:pypi/django@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13
2
url pkg:pypi/django@5.1.7
purl pkg:pypi/django@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-whgc-pt2s-77ar
8
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7
aliases CVE-2025-26699, PYSEC-2025-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8
20
url VCID-r1vx-vv7d-gqaj
vulnerability_id VCID-r1vx-vv7d-gqaj
summary
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Jiyong Yang for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
reference_id
reference_type
scores
url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
reference_id CVE-2025-14550
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
8
reference_url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
reference_id GHSA-33mw-q7rj-mjwj
reference_type
scores
url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2025-14550, GHSA-33mw-q7rj-mjwj, PYSEC-2026-43
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1vx-vv7d-gqaj
21
url VCID-rqqc-ta7c-ykgx
vulnerability_id VCID-rqqc-ta7c-ykgx
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-jybd-p65h-xffy
11
vulnerability VCID-kxdd-yzp3-r7cb
12
vulnerability VCID-pa7y-gpwp-6qgj
13
vulnerability VCID-phkp-9abp-f3dq
14
vulnerability VCID-qy1a-x3ff-4bc8
15
vulnerability VCID-r1vx-vv7d-gqaj
16
vulnerability VCID-shch-yusm-1uck
17
vulnerability VCID-shjc-2j68-2yfy
18
vulnerability VCID-tktt-vg92-6kae
19
vulnerability VCID-tuqc-c251-h7ds
20
vulnerability VCID-ud73-4t2c-n3at
21
vulnerability VCID-wa3g-27sx-mbcw
22
vulnerability VCID-whgc-pt2s-77ar
23
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41990, PYSEC-2024-68
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqqc-ta7c-ykgx
22
url VCID-s1rj-1xbw-fbg5
vulnerability_id VCID-s1rj-1xbw-fbg5
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-e12b-tw2c-53c9
7
vulnerability VCID-fcg9-xypn-ykhf
8
vulnerability VCID-ga69-9y5g-77c3
9
vulnerability VCID-ga7z-wj4j-63h1
10
vulnerability VCID-hsjn-xnpp-5yeh
11
vulnerability VCID-jgv9-vdbm-sycd
12
vulnerability VCID-jybd-p65h-xffy
13
vulnerability VCID-kxdd-yzp3-r7cb
14
vulnerability VCID-pa7y-gpwp-6qgj
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-qy1a-x3ff-4bc8
17
vulnerability VCID-r1vx-vv7d-gqaj
18
vulnerability VCID-rqqc-ta7c-ykgx
19
vulnerability VCID-shch-yusm-1uck
20
vulnerability VCID-shjc-2j68-2yfy
21
vulnerability VCID-tktt-vg92-6kae
22
vulnerability VCID-tuqc-c251-h7ds
23
vulnerability VCID-ud73-4t2c-n3at
24
vulnerability VCID-wa3g-27sx-mbcw
25
vulnerability VCID-whgc-pt2s-77ar
26
vulnerability VCID-xcmd-18ck-gqae
27
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39614, PYSEC-2024-59
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1rj-1xbw-fbg5
23
url VCID-shch-yusm-1uck
vulnerability_id VCID-shch-yusm-1uck
summary
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
reference_id
reference_type
scores
url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
reference_id CVE-2026-1285
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
8
reference_url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
reference_id GHSA-4rrr-2h4v-f3j9
reference_type
scores
url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1285, GHSA-4rrr-2h4v-f3j9, PYSEC-2026-45
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shch-yusm-1uck
24
url VCID-shjc-2j68-2yfy
vulnerability_id VCID-shjc-2j68-2yfy
summary
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
reference_id
reference_type
scores
url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
4
reference_url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
reference_id
reference_type
scores
url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
5
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://groups.google.com/g/django-announce
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
7
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
reference_id CVE-2026-1312
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
9
reference_url https://github.com/advisories/GHSA-6426-9fv3-65x8
reference_id GHSA-6426-9fv3-65x8
reference_type
scores
url https://github.com/advisories/GHSA-6426-9fv3-65x8
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1312, GHSA-6426-9fv3-65x8, PYSEC-2026-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shjc-2j68-2yfy
25
url VCID-tktt-vg92-6kae
vulnerability_id VCID-tktt-vg92-6kae
summary
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new
instances to be created via forged `POST` data.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Cantina for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-4292, PYSEC-2026-53
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tktt-vg92-6kae
26
url VCID-tuqc-c251-h7ds
vulnerability_id VCID-tuqc-c251-h7ds
summary
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
`MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-33033, PYSEC-2026-48
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tuqc-c251-h7ds
27
url VCID-ud73-4t2c-n3at
vulnerability_id VCID-ud73-4t2c-n3at
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
3
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@4.2.17
purl pkg:pypi/django@4.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-pa7y-gpwp-6qgj
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-qy1a-x3ff-4bc8
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17
1
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
2
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53907, PYSEC-2024-156
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at
28
url VCID-vgq9-s6th-yufg
vulnerability_id VCID-vgq9-s6th-yufg
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-e12b-tw2c-53c9
7
vulnerability VCID-fcg9-xypn-ykhf
8
vulnerability VCID-ga69-9y5g-77c3
9
vulnerability VCID-ga7z-wj4j-63h1
10
vulnerability VCID-hsjn-xnpp-5yeh
11
vulnerability VCID-jgv9-vdbm-sycd
12
vulnerability VCID-jybd-p65h-xffy
13
vulnerability VCID-kxdd-yzp3-r7cb
14
vulnerability VCID-pa7y-gpwp-6qgj
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-qy1a-x3ff-4bc8
17
vulnerability VCID-r1vx-vv7d-gqaj
18
vulnerability VCID-rqqc-ta7c-ykgx
19
vulnerability VCID-shch-yusm-1uck
20
vulnerability VCID-shjc-2j68-2yfy
21
vulnerability VCID-tktt-vg92-6kae
22
vulnerability VCID-tuqc-c251-h7ds
23
vulnerability VCID-ud73-4t2c-n3at
24
vulnerability VCID-wa3g-27sx-mbcw
25
vulnerability VCID-whgc-pt2s-77ar
26
vulnerability VCID-xcmd-18ck-gqae
27
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39329, PYSEC-2024-57
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgq9-s6th-yufg
29
url VCID-wa3g-27sx-mbcw
vulnerability_id VCID-wa3g-27sx-mbcw
summary
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
reference_id
reference_type
scores
url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
reference_id CVE-2026-1287
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
8
reference_url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
reference_id GHSA-gvg8-93h5-g6qq
reference_type
scores
url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1287, GHSA-gvg8-93h5-g6qq, PYSEC-2026-46
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wa3g-27sx-mbcw
30
url VCID-whgc-pt2s-77ar
vulnerability_id VCID-whgc-pt2s-77ar
summary
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
reference_id
reference_type
scores
url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
4
reference_url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
reference_id
reference_type
scores
url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
5
reference_url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
reference_id
reference_type
scores
url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
6
reference_url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
reference_id
reference_type
scores
url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
7
reference_url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
reference_id
reference_type
scores
url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://groups.google.com/g/django-announce
9
reference_url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
10
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
11
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
reference_id CVE-2025-64459
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
13
reference_url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
reference_id GHSA-frmv-pr5f-9mcr
reference_type
scores
url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
fixed_packages
0
url pkg:pypi/django@4.2.26
purl pkg:pypi/django@4.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-phkp-9abp-f3dq
7
vulnerability VCID-r1vx-vv7d-gqaj
8
vulnerability VCID-shch-yusm-1uck
9
vulnerability VCID-shjc-2j68-2yfy
10
vulnerability VCID-tktt-vg92-6kae
11
vulnerability VCID-tuqc-c251-h7ds
12
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26
1
url pkg:pypi/django@5.1.14
purl pkg:pypi/django@5.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c5n-nzwk-v7bz
1
vulnerability VCID-fcg9-xypn-ykhf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14
2
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-m4am-h2ea-3ffr
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
aliases CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whgc-pt2s-77ar
31
url VCID-xcmd-18ck-gqae
vulnerability_id VCID-xcmd-18ck-gqae
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-jybd-p65h-xffy
11
vulnerability VCID-kxdd-yzp3-r7cb
12
vulnerability VCID-pa7y-gpwp-6qgj
13
vulnerability VCID-phkp-9abp-f3dq
14
vulnerability VCID-qy1a-x3ff-4bc8
15
vulnerability VCID-r1vx-vv7d-gqaj
16
vulnerability VCID-shch-yusm-1uck
17
vulnerability VCID-shjc-2j68-2yfy
18
vulnerability VCID-tktt-vg92-6kae
19
vulnerability VCID-tuqc-c251-h7ds
20
vulnerability VCID-ud73-4t2c-n3at
21
vulnerability VCID-wa3g-27sx-mbcw
22
vulnerability VCID-whgc-pt2s-77ar
23
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-42005, PYSEC-2024-70
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmd-18ck-gqae
32
url VCID-ynt9-h6ww-h7e9
vulnerability_id VCID-ynt9-h6ww-h7e9
summary An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias().
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
3
reference_url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
4
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
5
reference_url http://www.openwall.com/lists/oss-security/2025/09/03/3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2025/09/03/3
fixed_packages
0
url pkg:pypi/django@4.2.24
purl pkg:pypi/django@4.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-fcg9-xypn-ykhf
4
vulnerability VCID-ga69-9y5g-77c3
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-phkp-9abp-f3dq
9
vulnerability VCID-r1vx-vv7d-gqaj
10
vulnerability VCID-shch-yusm-1uck
11
vulnerability VCID-shjc-2j68-2yfy
12
vulnerability VCID-tktt-vg92-6kae
13
vulnerability VCID-tuqc-c251-h7ds
14
vulnerability VCID-wa3g-27sx-mbcw
15
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24
1
url pkg:pypi/django@5.1.12
purl pkg:pypi/django@5.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga69-9y5g-77c3
4
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12
2
url pkg:pypi/django@5.2.6
purl pkg:pypi/django@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6
aliases CVE-2025-57833, PYSEC-2025-105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynt9-h6ww-h7e9
Fixing_vulnerabilities
0
url VCID-yuda-1mur-8bbq
vulnerability_id VCID-yuda-1mur-8bbq
summary An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
1
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
reference_id
reference_type
scores
url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
4
reference_url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
reference_id
reference_type
scores
url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
5
reference_url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
reference_id
reference_type
scores
url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
6
reference_url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
reference_id
reference_type
scores
url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
13
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
14
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
reference_id CVE-2024-24680
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
16
reference_url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
reference_id GHSA-xxj9-f6rv-m3x4
reference_type
scores
url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
fixed_packages
0
url pkg:pypi/django@3.2.24
purl pkg:pypi/django@3.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsaw-3ta1-x3dw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24
1
url pkg:pypi/django@4.2.10
purl pkg:pypi/django@4.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-e12b-tw2c-53c9
8
vulnerability VCID-e8j6-mybr-17fh
9
vulnerability VCID-fcg9-xypn-ykhf
10
vulnerability VCID-fsaw-3ta1-x3dw
11
vulnerability VCID-ga69-9y5g-77c3
12
vulnerability VCID-ga7z-wj4j-63h1
13
vulnerability VCID-hsjn-xnpp-5yeh
14
vulnerability VCID-jgv9-vdbm-sycd
15
vulnerability VCID-jybd-p65h-xffy
16
vulnerability VCID-kxdd-yzp3-r7cb
17
vulnerability VCID-pa7y-gpwp-6qgj
18
vulnerability VCID-phkp-9abp-f3dq
19
vulnerability VCID-qy1a-x3ff-4bc8
20
vulnerability VCID-r1vx-vv7d-gqaj
21
vulnerability VCID-rqqc-ta7c-ykgx
22
vulnerability VCID-s1rj-1xbw-fbg5
23
vulnerability VCID-shch-yusm-1uck
24
vulnerability VCID-shjc-2j68-2yfy
25
vulnerability VCID-tktt-vg92-6kae
26
vulnerability VCID-tuqc-c251-h7ds
27
vulnerability VCID-ud73-4t2c-n3at
28
vulnerability VCID-vgq9-s6th-yufg
29
vulnerability VCID-wa3g-27sx-mbcw
30
vulnerability VCID-whgc-pt2s-77ar
31
vulnerability VCID-xcmd-18ck-gqae
32
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10
2
url pkg:pypi/django@5.0.2
purl pkg:pypi/django@5.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-9gq3-whr8-s7b8
2
vulnerability VCID-e12b-tw2c-53c9
3
vulnerability VCID-e8j6-mybr-17fh
4
vulnerability VCID-fsaw-3ta1-x3dw
5
vulnerability VCID-hsjn-xnpp-5yeh
6
vulnerability VCID-jgv9-vdbm-sycd
7
vulnerability VCID-pa7y-gpwp-6qgj
8
vulnerability VCID-qw15-2kq7-wqed
9
vulnerability VCID-qy1a-x3ff-4bc8
10
vulnerability VCID-rqqc-ta7c-ykgx
11
vulnerability VCID-s1rj-1xbw-fbg5
12
vulnerability VCID-ud73-4t2c-n3at
13
vulnerability VCID-vgq9-s6th-yufg
14
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2
aliases CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10