Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@5.0.2
Typepypi
Namespace
Namedjango
Version5.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.14
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-2ft7-rbey-kuhx
vulnerability_id VCID-2ft7-rbey-kuhx
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
1
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53908, PYSEC-2024-157
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft7-rbey-kuhx
1
url VCID-9gq3-whr8-s7b8
vulnerability_id VCID-9gq3-whr8-s7b8
summary An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-38875, PYSEC-2024-56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gq3-whr8-s7b8
2
url VCID-e12b-tw2c-53c9
vulnerability_id VCID-e12b-tw2c-53c9
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41991, PYSEC-2024-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e12b-tw2c-53c9
3
url VCID-e8j6-mybr-17fh
vulnerability_id VCID-e8j6-mybr-17fh
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39330, PYSEC-2024-58
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8j6-mybr-17fh
4
url VCID-fsaw-3ta1-x3dw
vulnerability_id VCID-fsaw-3ta1-x3dw
summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
references
0
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
1
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
4
reference_url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
5
reference_url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
7
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
13
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id CVE-2024-27351
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
15
reference_url https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id GHSA-vm8q-m57g-pff3
reference_type
scores
url https://github.com/advisories/GHSA-vm8q-m57g-pff3
fixed_packages
0
url pkg:pypi/django@5.0.3
purl pkg:pypi/django@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-9gq3-whr8-s7b8
2
vulnerability VCID-e12b-tw2c-53c9
3
vulnerability VCID-e8j6-mybr-17fh
4
vulnerability VCID-hsjn-xnpp-5yeh
5
vulnerability VCID-jgv9-vdbm-sycd
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-rqqc-ta7c-ykgx
10
vulnerability VCID-s1rj-1xbw-fbg5
11
vulnerability VCID-ud73-4t2c-n3at
12
vulnerability VCID-vgq9-s6th-yufg
13
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3
aliases CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw
5
url VCID-hsjn-xnpp-5yeh
vulnerability_id VCID-hsjn-xnpp-5yeh
summary An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.9
purl pkg:pypi/django@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-pa7y-gpwp-6qgj
2
vulnerability VCID-qw15-2kq7-wqed
3
vulnerability VCID-qy1a-x3ff-4bc8
4
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9
1
url pkg:pypi/django@5.1.1
purl pkg:pypi/django@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-pa7y-gpwp-6qgj
8
vulnerability VCID-qw15-2kq7-wqed
9
vulnerability VCID-qy1a-x3ff-4bc8
10
vulnerability VCID-ud73-4t2c-n3at
11
vulnerability VCID-whgc-pt2s-77ar
12
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1
aliases CVE-2024-45230, PYSEC-2024-102
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hsjn-xnpp-5yeh
6
url VCID-jgv9-vdbm-sycd
vulnerability_id VCID-jgv9-vdbm-sycd
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41989, PYSEC-2024-67
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgv9-vdbm-sycd
7
url VCID-pa7y-gpwp-6qgj
vulnerability_id VCID-pa7y-gpwp-6qgj
summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/01/14/2
fixed_packages
0
url pkg:pypi/django@5.0.11
purl pkg:pypi/django@5.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
1
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11
1
url pkg:pypi/django@5.1.5
purl pkg:pypi/django@5.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-qy1a-x3ff-4bc8
8
vulnerability VCID-whgc-pt2s-77ar
9
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5
aliases CVE-2024-56374, PYSEC-2025-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj
8
url VCID-qw15-2kq7-wqed
vulnerability_id VCID-qw15-2kq7-wqed
summary An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/04/02/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/04/02/2
fixed_packages
0
url pkg:pypi/django@5.0.14
purl pkg:pypi/django@5.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14
1
url pkg:pypi/django@5.1.8
purl pkg:pypi/django@5.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-whgc-pt2s-77ar
7
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8
aliases CVE-2025-27556, PYSEC-2025-14
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qw15-2kq7-wqed
9
url VCID-qy1a-x3ff-4bc8
vulnerability_id VCID-qy1a-x3ff-4bc8
summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
3
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
4
reference_url http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/03/06/12
fixed_packages
0
url pkg:pypi/django@5.0.13
purl pkg:pypi/django@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13
1
url pkg:pypi/django@5.1.7
purl pkg:pypi/django@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-whgc-pt2s-77ar
8
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7
aliases CVE-2025-26699, PYSEC-2025-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8
10
url VCID-rqqc-ta7c-ykgx
vulnerability_id VCID-rqqc-ta7c-ykgx
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41990, PYSEC-2024-68
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqqc-ta7c-ykgx
11
url VCID-s1rj-1xbw-fbg5
vulnerability_id VCID-s1rj-1xbw-fbg5
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39614, PYSEC-2024-59
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1rj-1xbw-fbg5
12
url VCID-ud73-4t2c-n3at
vulnerability_id VCID-ud73-4t2c-n3at
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
3
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
1
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53907, PYSEC-2024-156
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at
13
url VCID-vgq9-s6th-yufg
vulnerability_id VCID-vgq9-s6th-yufg
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39329, PYSEC-2024-57
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgq9-s6th-yufg
14
url VCID-xcmd-18ck-gqae
vulnerability_id VCID-xcmd-18ck-gqae
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-42005, PYSEC-2024-70
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmd-18ck-gqae
Fixing_vulnerabilities
0
url VCID-yuda-1mur-8bbq
vulnerability_id VCID-yuda-1mur-8bbq
summary An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
1
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
reference_id
reference_type
scores
url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
4
reference_url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
reference_id
reference_type
scores
url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
5
reference_url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
reference_id
reference_type
scores
url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
6
reference_url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
reference_id
reference_type
scores
url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
13
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
14
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
reference_id CVE-2024-24680
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
16
reference_url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
reference_id GHSA-xxj9-f6rv-m3x4
reference_type
scores
url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
fixed_packages
0
url pkg:pypi/django@3.2.24
purl pkg:pypi/django@3.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsaw-3ta1-x3dw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24
1
url pkg:pypi/django@4.2.10
purl pkg:pypi/django@4.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-e12b-tw2c-53c9
8
vulnerability VCID-e8j6-mybr-17fh
9
vulnerability VCID-fcg9-xypn-ykhf
10
vulnerability VCID-fsaw-3ta1-x3dw
11
vulnerability VCID-ga69-9y5g-77c3
12
vulnerability VCID-ga7z-wj4j-63h1
13
vulnerability VCID-hsjn-xnpp-5yeh
14
vulnerability VCID-jgv9-vdbm-sycd
15
vulnerability VCID-jybd-p65h-xffy
16
vulnerability VCID-kxdd-yzp3-r7cb
17
vulnerability VCID-pa7y-gpwp-6qgj
18
vulnerability VCID-phkp-9abp-f3dq
19
vulnerability VCID-qy1a-x3ff-4bc8
20
vulnerability VCID-r1vx-vv7d-gqaj
21
vulnerability VCID-rqqc-ta7c-ykgx
22
vulnerability VCID-s1rj-1xbw-fbg5
23
vulnerability VCID-shch-yusm-1uck
24
vulnerability VCID-shjc-2j68-2yfy
25
vulnerability VCID-tktt-vg92-6kae
26
vulnerability VCID-tuqc-c251-h7ds
27
vulnerability VCID-ud73-4t2c-n3at
28
vulnerability VCID-vgq9-s6th-yufg
29
vulnerability VCID-wa3g-27sx-mbcw
30
vulnerability VCID-whgc-pt2s-77ar
31
vulnerability VCID-xcmd-18ck-gqae
32
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10
2
url pkg:pypi/django@5.0.2
purl pkg:pypi/django@5.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-9gq3-whr8-s7b8
2
vulnerability VCID-e12b-tw2c-53c9
3
vulnerability VCID-e8j6-mybr-17fh
4
vulnerability VCID-fsaw-3ta1-x3dw
5
vulnerability VCID-hsjn-xnpp-5yeh
6
vulnerability VCID-jgv9-vdbm-sycd
7
vulnerability VCID-pa7y-gpwp-6qgj
8
vulnerability VCID-qw15-2kq7-wqed
9
vulnerability VCID-qy1a-x3ff-4bc8
10
vulnerability VCID-rqqc-ta7c-ykgx
11
vulnerability VCID-s1rj-1xbw-fbg5
12
vulnerability VCID-ud73-4t2c-n3at
13
vulnerability VCID-vgq9-s6th-yufg
14
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2
aliases CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2