Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@5.0.3
Type pypi
Namespace
Name django
Version 5.0.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.0.14
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
0
url VCID-2ft7-rbey-kuhx
vulnerability_id VCID-2ft7-rbey-kuhx
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
1
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53908, PYSEC-2024-157
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft7-rbey-kuhx
1
url VCID-9gq3-whr8-s7b8
vulnerability_id VCID-9gq3-whr8-s7b8
summary An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-38875, PYSEC-2024-56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gq3-whr8-s7b8
2
url VCID-e12b-tw2c-53c9
vulnerability_id VCID-e12b-tw2c-53c9
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41991, PYSEC-2024-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e12b-tw2c-53c9
3
url VCID-e8j6-mybr-17fh
vulnerability_id VCID-e8j6-mybr-17fh
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39330, PYSEC-2024-58
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8j6-mybr-17fh
4
url VCID-hsjn-xnpp-5yeh
vulnerability_id VCID-hsjn-xnpp-5yeh
summary An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.9
purl pkg:pypi/django@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-pa7y-gpwp-6qgj
2
vulnerability VCID-qw15-2kq7-wqed
3
vulnerability VCID-qy1a-x3ff-4bc8
4
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9
1
url pkg:pypi/django@5.1.1
purl pkg:pypi/django@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-pa7y-gpwp-6qgj
8
vulnerability VCID-qw15-2kq7-wqed
9
vulnerability VCID-qy1a-x3ff-4bc8
10
vulnerability VCID-ud73-4t2c-n3at
11
vulnerability VCID-whgc-pt2s-77ar
12
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1
aliases CVE-2024-45230, PYSEC-2024-102
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hsjn-xnpp-5yeh
5
url VCID-jgv9-vdbm-sycd
vulnerability_id VCID-jgv9-vdbm-sycd
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41989, PYSEC-2024-67
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgv9-vdbm-sycd
6
url VCID-pa7y-gpwp-6qgj
vulnerability_id VCID-pa7y-gpwp-6qgj
summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/01/14/2
fixed_packages
0
url pkg:pypi/django@5.0.11
purl pkg:pypi/django@5.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
1
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11
1
url pkg:pypi/django@5.1.5
purl pkg:pypi/django@5.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-qy1a-x3ff-4bc8
8
vulnerability VCID-whgc-pt2s-77ar
9
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5
aliases CVE-2024-56374, PYSEC-2025-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj
7
url VCID-qw15-2kq7-wqed
vulnerability_id VCID-qw15-2kq7-wqed
summary An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/04/02/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/04/02/2
fixed_packages
0
url pkg:pypi/django@5.0.14
purl pkg:pypi/django@5.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14
1
url pkg:pypi/django@5.1.8
purl pkg:pypi/django@5.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-whgc-pt2s-77ar
7
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8
aliases CVE-2025-27556, PYSEC-2025-14
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qw15-2kq7-wqed
8
url VCID-qy1a-x3ff-4bc8
vulnerability_id VCID-qy1a-x3ff-4bc8
summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
3
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
4
reference_url http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/03/06/12
fixed_packages
0
url pkg:pypi/django@5.0.13
purl pkg:pypi/django@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13
1
url pkg:pypi/django@5.1.7
purl pkg:pypi/django@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-whgc-pt2s-77ar
8
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7
aliases CVE-2025-26699, PYSEC-2025-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8
9
url VCID-rqqc-ta7c-ykgx
vulnerability_id VCID-rqqc-ta7c-ykgx
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41990, PYSEC-2024-68
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqqc-ta7c-ykgx
10
url VCID-s1rj-1xbw-fbg5
vulnerability_id VCID-s1rj-1xbw-fbg5
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39614, PYSEC-2024-59
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1rj-1xbw-fbg5
11
url VCID-ud73-4t2c-n3at
vulnerability_id VCID-ud73-4t2c-n3at
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
3
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
1
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53907, PYSEC-2024-156
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at
12
url VCID-vgq9-s6th-yufg
vulnerability_id VCID-vgq9-s6th-yufg
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39329, PYSEC-2024-57
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgq9-s6th-yufg
13
url VCID-xcmd-18ck-gqae
vulnerability_id VCID-xcmd-18ck-gqae
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-42005, PYSEC-2024-70
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmd-18ck-gqae
Fixing_vulnerabilities
0
url VCID-fsaw-3ta1-x3dw
vulnerability_id VCID-fsaw-3ta1-x3dw
summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
references
0
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
1
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
4
reference_url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
5
reference_url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
7
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
13
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id CVE-2024-27351
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
15
reference_url https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id GHSA-vm8q-m57g-pff3
reference_type
scores
url https://github.com/advisories/GHSA-vm8q-m57g-pff3
fixed_packages
0
url pkg:pypi/django@3.2.25
purl pkg:pypi/django@3.2.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.25
1
url pkg:pypi/django@4.2.11
purl pkg:pypi/django@4.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-e12b-tw2c-53c9
8
vulnerability VCID-e8j6-mybr-17fh
9
vulnerability VCID-fcg9-xypn-ykhf
10
vulnerability VCID-ga69-9y5g-77c3
11
vulnerability VCID-ga7z-wj4j-63h1
12
vulnerability VCID-hsjn-xnpp-5yeh
13
vulnerability VCID-jgv9-vdbm-sycd
14
vulnerability VCID-jybd-p65h-xffy
15
vulnerability VCID-kxdd-yzp3-r7cb
16
vulnerability VCID-pa7y-gpwp-6qgj
17
vulnerability VCID-phkp-9abp-f3dq
18
vulnerability VCID-qy1a-x3ff-4bc8
19
vulnerability VCID-r1vx-vv7d-gqaj
20
vulnerability VCID-rqqc-ta7c-ykgx
21
vulnerability VCID-s1rj-1xbw-fbg5
22
vulnerability VCID-shch-yusm-1uck
23
vulnerability VCID-shjc-2j68-2yfy
24
vulnerability VCID-tktt-vg92-6kae
25
vulnerability VCID-tuqc-c251-h7ds
26
vulnerability VCID-ud73-4t2c-n3at
27
vulnerability VCID-vgq9-s6th-yufg
28
vulnerability VCID-wa3g-27sx-mbcw
29
vulnerability VCID-whgc-pt2s-77ar
30
vulnerability VCID-xcmd-18ck-gqae
31
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11
2
url pkg:pypi/django@5.0.3
purl pkg:pypi/django@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-9gq3-whr8-s7b8
2
vulnerability VCID-e12b-tw2c-53c9
3
vulnerability VCID-e8j6-mybr-17fh
4
vulnerability VCID-hsjn-xnpp-5yeh
5
vulnerability VCID-jgv9-vdbm-sycd
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-rqqc-ta7c-ykgx
10
vulnerability VCID-s1rj-1xbw-fbg5
11
vulnerability VCID-ud73-4t2c-n3at
12
vulnerability VCID-vgq9-s6th-yufg
13
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3
aliases CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3