Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@4.2.14
Typepypi
Namespace
Namedjango
Version4.2.14
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.2.30
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-2ft7-rbey-kuhx
vulnerability_id VCID-2ft7-rbey-kuhx
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@4.2.17
purl pkg:pypi/django@4.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-pa7y-gpwp-6qgj
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-qy1a-x3ff-4bc8
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17
1
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
2
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53908, PYSEC-2024-157
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft7-rbey-kuhx
1
url VCID-4kcg-gx5y-cuaw
vulnerability_id VCID-4kcg-gx5y-cuaw
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
reference_id
reference_type
scores
url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
reference_id CVE-2026-1207
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
8
reference_url https://github.com/advisories/GHSA-mwm9-4648-f68q
reference_id GHSA-mwm9-4648-f68q
reference_type
scores
url https://github.com/advisories/GHSA-mwm9-4648-f68q
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1207, GHSA-mwm9-4648-f68q, PYSEC-2026-44
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kcg-gx5y-cuaw
2
url VCID-5xtt-au84-zbb2
vulnerability_id VCID-5xtt-au84-zbb2
summary An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
reference_id
reference_type
scores
url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
4
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
5
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
6
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
7
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
8
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2025/10/01/3
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
reference_id CVE-2025-59681
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
10
reference_url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
reference_id GHSA-hpr9-3m2g-3j9p
reference_type
scores
url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
fixed_packages
0
url pkg:pypi/django@4.2.25
purl pkg:pypi/django@4.2.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga69-9y5g-77c3
4
vulnerability VCID-ga7z-wj4j-63h1
5
vulnerability VCID-jybd-p65h-xffy
6
vulnerability VCID-kxdd-yzp3-r7cb
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
14
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.25
1
url pkg:pypi/django@5.1.13
purl pkg:pypi/django@5.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c5n-nzwk-v7bz
1
vulnerability VCID-fcg9-xypn-ykhf
2
vulnerability VCID-ga69-9y5g-77c3
3
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.13
2
url pkg:pypi/django@5.2.7
purl pkg:pypi/django@5.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-ga7z-wj4j-63h1
7
vulnerability VCID-jybd-p65h-xffy
8
vulnerability VCID-kxdd-yzp3-r7cb
9
vulnerability VCID-m4am-h2ea-3ffr
10
vulnerability VCID-phkp-9abp-f3dq
11
vulnerability VCID-r1vx-vv7d-gqaj
12
vulnerability VCID-shch-yusm-1uck
13
vulnerability VCID-shjc-2j68-2yfy
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-wa3g-27sx-mbcw
17
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.7
aliases CVE-2025-59681, GHSA-hpr9-3m2g-3j9p, PYSEC-2025-106
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xtt-au84-zbb2
3
url VCID-7c5n-nzwk-v7bz
vulnerability_id VCID-7c5n-nzwk-v7bz
summary 
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
reference_id
reference_type
scores
url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
4
reference_url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
reference_id
reference_type
scores
url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
5
reference_url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
reference_id
reference_type
scores
url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
6
reference_url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
reference_id
reference_type
scores
url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
7
reference_url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://groups.google.com/g/django-announce
9
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
10
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
reference_id CVE-2025-13372
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
12
reference_url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
reference_id GHSA-rqw2-ghq9-44m7
reference_type
scores
url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
fixed_packages
0
url pkg:pypi/django@4.2.27
purl pkg:pypi/django@4.2.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-ga7z-wj4j-63h1
2
vulnerability VCID-jybd-p65h-xffy
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-phkp-9abp-f3dq
5
vulnerability VCID-r1vx-vv7d-gqaj
6
vulnerability VCID-shch-yusm-1uck
7
vulnerability VCID-shjc-2j68-2yfy
8
vulnerability VCID-tktt-vg92-6kae
9
vulnerability VCID-tuqc-c251-h7ds
10
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27
1
url pkg:pypi/django@5.1.15
purl pkg:pypi/django@5.1.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15
2
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
aliases CVE-2025-13372, GHSA-rqw2-ghq9-44m7, PYSEC-2025-104
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c5n-nzwk-v7bz
4
url VCID-9kvc-1bdz-n3bd
vulnerability_id VCID-9kvc-1bdz-n3bd
summary denial of service
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
23
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
24
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
25
reference_url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
26
reference_url http://www.openwall.com/lists/oss-security/2025/05/07/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/05/07/1
27
reference_url https://security.archlinux.org/ASA-202505-10
reference_id ASA-202505-10
reference_type
scores
url https://security.archlinux.org/ASA-202505-10
28
reference_url https://security.archlinux.org/AVG-2876
reference_id AVG-2876
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2876
fixed_packages
0
url pkg:pypi/django@4.2.21
purl pkg:pypi/django@4.2.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-ga7z-wj4j-63h1
7
vulnerability VCID-jybd-p65h-xffy
8
vulnerability VCID-kxdd-yzp3-r7cb
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
16
vulnerability VCID-whgc-pt2s-77ar
17
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.21
1
url pkg:pypi/django@5.1.9
purl pkg:pypi/django@5.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-bb8b-hq41-s7a6
3
vulnerability VCID-fcg9-xypn-ykhf
4
vulnerability VCID-ga69-9y5g-77c3
5
vulnerability VCID-whgc-pt2s-77ar
6
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.9
2
url pkg:pypi/django@5.2.1
purl pkg:pypi/django@5.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-jybd-p65h-xffy
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.1
aliases CVE-2025-32873, PYSEC-2025-37
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvc-1bdz-n3bd
5
url VCID-bb8b-hq41-s7a6
vulnerability_id VCID-bb8b-hq41-s7a6
summary An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/06/04/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/06/04/5
fixed_packages
0
url pkg:pypi/django@4.2.22
purl pkg:pypi/django@4.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-fcg9-xypn-ykhf
4
vulnerability VCID-ga69-9y5g-77c3
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-phkp-9abp-f3dq
9
vulnerability VCID-r1vx-vv7d-gqaj
10
vulnerability VCID-shch-yusm-1uck
11
vulnerability VCID-shjc-2j68-2yfy
12
vulnerability VCID-tktt-vg92-6kae
13
vulnerability VCID-tuqc-c251-h7ds
14
vulnerability VCID-wa3g-27sx-mbcw
15
vulnerability VCID-whgc-pt2s-77ar
16
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22
1
url pkg:pypi/django@5.1.10
purl pkg:pypi/django@5.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga69-9y5g-77c3
4
vulnerability VCID-whgc-pt2s-77ar
5
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10
2
url pkg:pypi/django@5.2.2
purl pkg:pypi/django@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2
aliases CVE-2025-48432, PYSEC-2025-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb8b-hq41-s7a6
6
url VCID-e12b-tw2c-53c9
vulnerability_id VCID-e12b-tw2c-53c9
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-jybd-p65h-xffy
11
vulnerability VCID-kxdd-yzp3-r7cb
12
vulnerability VCID-pa7y-gpwp-6qgj
13
vulnerability VCID-phkp-9abp-f3dq
14
vulnerability VCID-qy1a-x3ff-4bc8
15
vulnerability VCID-r1vx-vv7d-gqaj
16
vulnerability VCID-shch-yusm-1uck
17
vulnerability VCID-shjc-2j68-2yfy
18
vulnerability VCID-tktt-vg92-6kae
19
vulnerability VCID-tuqc-c251-h7ds
20
vulnerability VCID-ud73-4t2c-n3at
21
vulnerability VCID-wa3g-27sx-mbcw
22
vulnerability VCID-whgc-pt2s-77ar
23
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41991, PYSEC-2024-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e12b-tw2c-53c9
7
url VCID-fcg9-xypn-ykhf
vulnerability_id VCID-fcg9-xypn-ykhf
summary 
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
reference_id
reference_type
scores
url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
4
reference_url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
reference_id
reference_type
scores
url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
5
reference_url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
reference_id
reference_type
scores
url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
6
reference_url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
reference_id
reference_type
scores
url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
9
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
reference_id CVE-2025-64460
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
11
reference_url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
reference_id GHSA-vrcr-9hj9-jcg6
reference_type
scores
url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
fixed_packages
0
url pkg:pypi/django@4.2.27
purl pkg:pypi/django@4.2.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-ga7z-wj4j-63h1
2
vulnerability VCID-jybd-p65h-xffy
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-phkp-9abp-f3dq
5
vulnerability VCID-r1vx-vv7d-gqaj
6
vulnerability VCID-shch-yusm-1uck
7
vulnerability VCID-shjc-2j68-2yfy
8
vulnerability VCID-tktt-vg92-6kae
9
vulnerability VCID-tuqc-c251-h7ds
10
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27
1
url pkg:pypi/django@5.1.15
purl pkg:pypi/django@5.1.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15
2
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
aliases CVE-2025-64460, GHSA-vrcr-9hj9-jcg6, PYSEC-2025-109
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcg9-xypn-ykhf
8
url VCID-ga69-9y5g-77c3
vulnerability_id VCID-ga69-9y5g-77c3
summary 
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect`  were subject to a potential  denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
reference_id
reference_type
scores
url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
4
reference_url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
reference_id
reference_type
scores
url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
5
reference_url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
reference_id
reference_type
scores
url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
6
reference_url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
reference_id
reference_type
scores
url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
9
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
reference_id CVE-2025-64458
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
11
reference_url https://github.com/advisories/GHSA-qw25-v68c-qjf3
reference_id GHSA-qw25-v68c-qjf3
reference_type
scores
url https://github.com/advisories/GHSA-qw25-v68c-qjf3
fixed_packages
0
url pkg:pypi/django@4.2.26
purl pkg:pypi/django@4.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-phkp-9abp-f3dq
7
vulnerability VCID-r1vx-vv7d-gqaj
8
vulnerability VCID-shch-yusm-1uck
9
vulnerability VCID-shjc-2j68-2yfy
10
vulnerability VCID-tktt-vg92-6kae
11
vulnerability VCID-tuqc-c251-h7ds
12
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26
1
url pkg:pypi/django@5.1.14
purl pkg:pypi/django@5.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c5n-nzwk-v7bz
1
vulnerability VCID-fcg9-xypn-ykhf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14
2
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-m4am-h2ea-3ffr
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
aliases CVE-2025-64458, GHSA-qw25-v68c-qjf3, PYSEC-2025-107
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ga69-9y5g-77c3
9
url VCID-ga7z-wj4j-63h1
vulnerability_id VCID-ga7z-wj4j-63h1
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
ASGI requests with a missing or understated `Content-Length` header could
bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when reading
`HttpRequest.body`, allowing remote attackers to load an unbounded request body into
memory.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Superior for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-33034, PYSEC-2026-49
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ga7z-wj4j-63h1
10
url VCID-hsjn-xnpp-5yeh
vulnerability_id VCID-hsjn-xnpp-5yeh
summary An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.16
purl pkg:pypi/django@4.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-jybd-p65h-xffy
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-pa7y-gpwp-6qgj
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-qy1a-x3ff-4bc8
14
vulnerability VCID-r1vx-vv7d-gqaj
15
vulnerability VCID-shch-yusm-1uck
16
vulnerability VCID-shjc-2j68-2yfy
17
vulnerability VCID-tktt-vg92-6kae
18
vulnerability VCID-tuqc-c251-h7ds
19
vulnerability VCID-ud73-4t2c-n3at
20
vulnerability VCID-wa3g-27sx-mbcw
21
vulnerability VCID-whgc-pt2s-77ar
22
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16
1
url pkg:pypi/django@5.0.9
purl pkg:pypi/django@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-pa7y-gpwp-6qgj
2
vulnerability VCID-qw15-2kq7-wqed
3
vulnerability VCID-qy1a-x3ff-4bc8
4
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9
2
url pkg:pypi/django@5.1.1
purl pkg:pypi/django@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-pa7y-gpwp-6qgj
8
vulnerability VCID-qw15-2kq7-wqed
9
vulnerability VCID-qy1a-x3ff-4bc8
10
vulnerability VCID-ud73-4t2c-n3at
11
vulnerability VCID-whgc-pt2s-77ar
12
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1
aliases CVE-2024-45230, PYSEC-2024-102
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hsjn-xnpp-5yeh
11
url VCID-jgv9-vdbm-sycd
vulnerability_id VCID-jgv9-vdbm-sycd
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-jybd-p65h-xffy
11
vulnerability VCID-kxdd-yzp3-r7cb
12
vulnerability VCID-pa7y-gpwp-6qgj
13
vulnerability VCID-phkp-9abp-f3dq
14
vulnerability VCID-qy1a-x3ff-4bc8
15
vulnerability VCID-r1vx-vv7d-gqaj
16
vulnerability VCID-shch-yusm-1uck
17
vulnerability VCID-shjc-2j68-2yfy
18
vulnerability VCID-tktt-vg92-6kae
19
vulnerability VCID-tuqc-c251-h7ds
20
vulnerability VCID-ud73-4t2c-n3at
21
vulnerability VCID-wa3g-27sx-mbcw
22
vulnerability VCID-whgc-pt2s-77ar
23
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41989, PYSEC-2024-67
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgv9-vdbm-sycd
12
url VCID-jybd-p65h-xffy
vulnerability_id VCID-jybd-p65h-xffy
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://groups.google.com/g/django-announce
4
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
reference_id CVE-2025-13473
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
7
reference_url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
reference_id GHSA-2mcm-79hx-8fxw
reference_type
scores
url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2025-13473, GHSA-2mcm-79hx-8fxw, PYSEC-2026-42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jybd-p65h-xffy
13
url VCID-kxdd-yzp3-r7cb
vulnerability_id VCID-kxdd-yzp3-r7cb
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
Add permissions on inline model instances were not validated on submission of
forged `POST` data in `GenericInlineModelAdmin`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank N05ec@LZU-DSLab for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-4277, PYSEC-2026-52
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxdd-yzp3-r7cb
14
url VCID-pa7y-gpwp-6qgj
vulnerability_id VCID-pa7y-gpwp-6qgj
summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/01/14/2
fixed_packages
0
url pkg:pypi/django@4.2.18
purl pkg:pypi/django@4.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-phkp-9abp-f3dq
11
vulnerability VCID-qy1a-x3ff-4bc8
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.18
1
url pkg:pypi/django@5.0.11
purl pkg:pypi/django@5.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
1
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11
2
url pkg:pypi/django@5.1.5
purl pkg:pypi/django@5.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-qy1a-x3ff-4bc8
8
vulnerability VCID-whgc-pt2s-77ar
9
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5
aliases CVE-2024-56374, PYSEC-2025-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj
15
url VCID-phkp-9abp-f3dq
vulnerability_id VCID-phkp-9abp-f3dq
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
`ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-3902, PYSEC-2026-51
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phkp-9abp-f3dq
16
url VCID-qy1a-x3ff-4bc8
vulnerability_id VCID-qy1a-x3ff-4bc8
summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
3
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
4
reference_url http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/03/06/12
fixed_packages
0
url pkg:pypi/django@4.2.20
purl pkg:pypi/django@4.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-phkp-9abp-f3dq
11
vulnerability VCID-r1vx-vv7d-gqaj
12
vulnerability VCID-shch-yusm-1uck
13
vulnerability VCID-shjc-2j68-2yfy
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-wa3g-27sx-mbcw
17
vulnerability VCID-whgc-pt2s-77ar
18
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.20
1
url pkg:pypi/django@5.0.13
purl pkg:pypi/django@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13
2
url pkg:pypi/django@5.1.7
purl pkg:pypi/django@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-whgc-pt2s-77ar
8
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7
aliases CVE-2025-26699, PYSEC-2025-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8
17
url VCID-r1vx-vv7d-gqaj
vulnerability_id VCID-r1vx-vv7d-gqaj
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Jiyong Yang for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
reference_id
reference_type
scores
url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
reference_id CVE-2025-14550
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
8
reference_url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
reference_id GHSA-33mw-q7rj-mjwj
reference_type
scores
url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2025-14550, GHSA-33mw-q7rj-mjwj, PYSEC-2026-43
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1vx-vv7d-gqaj
18
url VCID-rqqc-ta7c-ykgx
vulnerability_id VCID-rqqc-ta7c-ykgx
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-jybd-p65h-xffy
11
vulnerability VCID-kxdd-yzp3-r7cb
12
vulnerability VCID-pa7y-gpwp-6qgj
13
vulnerability VCID-phkp-9abp-f3dq
14
vulnerability VCID-qy1a-x3ff-4bc8
15
vulnerability VCID-r1vx-vv7d-gqaj
16
vulnerability VCID-shch-yusm-1uck
17
vulnerability VCID-shjc-2j68-2yfy
18
vulnerability VCID-tktt-vg92-6kae
19
vulnerability VCID-tuqc-c251-h7ds
20
vulnerability VCID-ud73-4t2c-n3at
21
vulnerability VCID-wa3g-27sx-mbcw
22
vulnerability VCID-whgc-pt2s-77ar
23
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-41990, PYSEC-2024-68
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqqc-ta7c-ykgx
19
url VCID-shch-yusm-1uck
vulnerability_id VCID-shch-yusm-1uck
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
reference_id
reference_type
scores
url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
reference_id CVE-2026-1285
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
8
reference_url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
reference_id GHSA-4rrr-2h4v-f3j9
reference_type
scores
url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1285, GHSA-4rrr-2h4v-f3j9, PYSEC-2026-45
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shch-yusm-1uck
20
url VCID-shjc-2j68-2yfy
vulnerability_id VCID-shjc-2j68-2yfy
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
reference_id
reference_type
scores
url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
4
reference_url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
reference_id
reference_type
scores
url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
5
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://groups.google.com/g/django-announce
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
7
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
reference_id CVE-2026-1312
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
9
reference_url https://github.com/advisories/GHSA-6426-9fv3-65x8
reference_id GHSA-6426-9fv3-65x8
reference_type
scores
url https://github.com/advisories/GHSA-6426-9fv3-65x8
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1312, GHSA-6426-9fv3-65x8, PYSEC-2026-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shjc-2j68-2yfy
21
url VCID-tktt-vg92-6kae
vulnerability_id VCID-tktt-vg92-6kae
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new
instances to be created via forged `POST` data.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Cantina for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-4292, PYSEC-2026-53
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tktt-vg92-6kae
22
url VCID-tuqc-c251-h7ds
vulnerability_id VCID-tuqc-c251-h7ds
summary 
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
`MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.30
purl pkg:pypi/django@4.2.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30
1
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
2
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
aliases CVE-2026-33033, PYSEC-2026-48
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tuqc-c251-h7ds
23
url VCID-ud73-4t2c-n3at
vulnerability_id VCID-ud73-4t2c-n3at
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
3
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@4.2.17
purl pkg:pypi/django@4.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-pa7y-gpwp-6qgj
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-qy1a-x3ff-4bc8
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17
1
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
2
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53907, PYSEC-2024-156
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at
24
url VCID-wa3g-27sx-mbcw
vulnerability_id VCID-wa3g-27sx-mbcw
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
reference_id
reference_type
scores
url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
4
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://groups.google.com/g/django-announce
5
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
6
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
reference_id CVE-2026-1287
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
8
reference_url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
reference_id GHSA-gvg8-93h5-g6qq
reference_type
scores
url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
fixed_packages
0
url pkg:pypi/django@4.2.28
purl pkg:pypi/django@4.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ga7z-wj4j-63h1
1
vulnerability VCID-kxdd-yzp3-r7cb
2
vulnerability VCID-phkp-9abp-f3dq
3
vulnerability VCID-tktt-vg92-6kae
4
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28
1
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
2
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
aliases CVE-2026-1287, GHSA-gvg8-93h5-g6qq, PYSEC-2026-46
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wa3g-27sx-mbcw
25
url VCID-whgc-pt2s-77ar
vulnerability_id VCID-whgc-pt2s-77ar
summary 
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
reference_id
reference_type
scores
url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
4
reference_url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
reference_id
reference_type
scores
url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
5
reference_url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
reference_id
reference_type
scores
url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
6
reference_url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
reference_id
reference_type
scores
url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
7
reference_url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
reference_id
reference_type
scores
url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://groups.google.com/g/django-announce
9
reference_url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
10
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
11
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
reference_id CVE-2025-64459
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
13
reference_url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
reference_id GHSA-frmv-pr5f-9mcr
reference_type
scores
url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
fixed_packages
0
url pkg:pypi/django@4.2.26
purl pkg:pypi/django@4.2.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-phkp-9abp-f3dq
7
vulnerability VCID-r1vx-vv7d-gqaj
8
vulnerability VCID-shch-yusm-1uck
9
vulnerability VCID-shjc-2j68-2yfy
10
vulnerability VCID-tktt-vg92-6kae
11
vulnerability VCID-tuqc-c251-h7ds
12
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26
1
url pkg:pypi/django@5.1.14
purl pkg:pypi/django@5.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c5n-nzwk-v7bz
1
vulnerability VCID-fcg9-xypn-ykhf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14
2
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-m4am-h2ea-3ffr
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
aliases CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whgc-pt2s-77ar
26
url VCID-xcmd-18ck-gqae
vulnerability_id VCID-xcmd-18ck-gqae
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.15
purl pkg:pypi/django@4.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-jybd-p65h-xffy
11
vulnerability VCID-kxdd-yzp3-r7cb
12
vulnerability VCID-pa7y-gpwp-6qgj
13
vulnerability VCID-phkp-9abp-f3dq
14
vulnerability VCID-qy1a-x3ff-4bc8
15
vulnerability VCID-r1vx-vv7d-gqaj
16
vulnerability VCID-shch-yusm-1uck
17
vulnerability VCID-shjc-2j68-2yfy
18
vulnerability VCID-tktt-vg92-6kae
19
vulnerability VCID-tuqc-c251-h7ds
20
vulnerability VCID-ud73-4t2c-n3at
21
vulnerability VCID-wa3g-27sx-mbcw
22
vulnerability VCID-whgc-pt2s-77ar
23
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15
1
url pkg:pypi/django@5.0.8
purl pkg:pypi/django@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-hsjn-xnpp-5yeh
2
vulnerability VCID-pa7y-gpwp-6qgj
3
vulnerability VCID-qw15-2kq7-wqed
4
vulnerability VCID-qy1a-x3ff-4bc8
5
vulnerability VCID-ud73-4t2c-n3at
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8
aliases CVE-2024-42005, PYSEC-2024-70
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmd-18ck-gqae
27
url VCID-ynt9-h6ww-h7e9
vulnerability_id VCID-ynt9-h6ww-h7e9
summary An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
3
reference_url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
4
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
5
reference_url http://www.openwall.com/lists/oss-security/2025/09/03/3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2025/09/03/3
fixed_packages
0
url pkg:pypi/django@4.2.24
purl pkg:pypi/django@4.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-fcg9-xypn-ykhf
4
vulnerability VCID-ga69-9y5g-77c3
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-phkp-9abp-f3dq
9
vulnerability VCID-r1vx-vv7d-gqaj
10
vulnerability VCID-shch-yusm-1uck
11
vulnerability VCID-shjc-2j68-2yfy
12
vulnerability VCID-tktt-vg92-6kae
13
vulnerability VCID-tuqc-c251-h7ds
14
vulnerability VCID-wa3g-27sx-mbcw
15
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24
1
url pkg:pypi/django@5.1.12
purl pkg:pypi/django@5.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga69-9y5g-77c3
4
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12
2
url pkg:pypi/django@5.2.6
purl pkg:pypi/django@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6
aliases CVE-2025-57833, PYSEC-2025-105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynt9-h6ww-h7e9
Fixing_vulnerabilities
0
url VCID-9gq3-whr8-s7b8
vulnerability_id VCID-9gq3-whr8-s7b8
summary An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-e12b-tw2c-53c9
7
vulnerability VCID-fcg9-xypn-ykhf
8
vulnerability VCID-ga69-9y5g-77c3
9
vulnerability VCID-ga7z-wj4j-63h1
10
vulnerability VCID-hsjn-xnpp-5yeh
11
vulnerability VCID-jgv9-vdbm-sycd
12
vulnerability VCID-jybd-p65h-xffy
13
vulnerability VCID-kxdd-yzp3-r7cb
14
vulnerability VCID-pa7y-gpwp-6qgj
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-qy1a-x3ff-4bc8
17
vulnerability VCID-r1vx-vv7d-gqaj
18
vulnerability VCID-rqqc-ta7c-ykgx
19
vulnerability VCID-shch-yusm-1uck
20
vulnerability VCID-shjc-2j68-2yfy
21
vulnerability VCID-tktt-vg92-6kae
22
vulnerability VCID-tuqc-c251-h7ds
23
vulnerability VCID-ud73-4t2c-n3at
24
vulnerability VCID-wa3g-27sx-mbcw
25
vulnerability VCID-whgc-pt2s-77ar
26
vulnerability VCID-xcmd-18ck-gqae
27
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-38875, PYSEC-2024-56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gq3-whr8-s7b8
1
url VCID-e8j6-mybr-17fh
vulnerability_id VCID-e8j6-mybr-17fh
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-e12b-tw2c-53c9
7
vulnerability VCID-fcg9-xypn-ykhf
8
vulnerability VCID-ga69-9y5g-77c3
9
vulnerability VCID-ga7z-wj4j-63h1
10
vulnerability VCID-hsjn-xnpp-5yeh
11
vulnerability VCID-jgv9-vdbm-sycd
12
vulnerability VCID-jybd-p65h-xffy
13
vulnerability VCID-kxdd-yzp3-r7cb
14
vulnerability VCID-pa7y-gpwp-6qgj
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-qy1a-x3ff-4bc8
17
vulnerability VCID-r1vx-vv7d-gqaj
18
vulnerability VCID-rqqc-ta7c-ykgx
19
vulnerability VCID-shch-yusm-1uck
20
vulnerability VCID-shjc-2j68-2yfy
21
vulnerability VCID-tktt-vg92-6kae
22
vulnerability VCID-tuqc-c251-h7ds
23
vulnerability VCID-ud73-4t2c-n3at
24
vulnerability VCID-wa3g-27sx-mbcw
25
vulnerability VCID-whgc-pt2s-77ar
26
vulnerability VCID-xcmd-18ck-gqae
27
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39330, PYSEC-2024-58
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8j6-mybr-17fh
2
url VCID-s1rj-1xbw-fbg5
vulnerability_id VCID-s1rj-1xbw-fbg5
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-e12b-tw2c-53c9
7
vulnerability VCID-fcg9-xypn-ykhf
8
vulnerability VCID-ga69-9y5g-77c3
9
vulnerability VCID-ga7z-wj4j-63h1
10
vulnerability VCID-hsjn-xnpp-5yeh
11
vulnerability VCID-jgv9-vdbm-sycd
12
vulnerability VCID-jybd-p65h-xffy
13
vulnerability VCID-kxdd-yzp3-r7cb
14
vulnerability VCID-pa7y-gpwp-6qgj
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-qy1a-x3ff-4bc8
17
vulnerability VCID-r1vx-vv7d-gqaj
18
vulnerability VCID-rqqc-ta7c-ykgx
19
vulnerability VCID-shch-yusm-1uck
20
vulnerability VCID-shjc-2j68-2yfy
21
vulnerability VCID-tktt-vg92-6kae
22
vulnerability VCID-tuqc-c251-h7ds
23
vulnerability VCID-ud73-4t2c-n3at
24
vulnerability VCID-wa3g-27sx-mbcw
25
vulnerability VCID-whgc-pt2s-77ar
26
vulnerability VCID-xcmd-18ck-gqae
27
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39614, PYSEC-2024-59
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1rj-1xbw-fbg5
3
url VCID-vgq9-s6th-yufg
vulnerability_id VCID-vgq9-s6th-yufg
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
2
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
fixed_packages
0
url pkg:pypi/django@4.2.14
purl pkg:pypi/django@4.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-bb8b-hq41-s7a6
6
vulnerability VCID-e12b-tw2c-53c9
7
vulnerability VCID-fcg9-xypn-ykhf
8
vulnerability VCID-ga69-9y5g-77c3
9
vulnerability VCID-ga7z-wj4j-63h1
10
vulnerability VCID-hsjn-xnpp-5yeh
11
vulnerability VCID-jgv9-vdbm-sycd
12
vulnerability VCID-jybd-p65h-xffy
13
vulnerability VCID-kxdd-yzp3-r7cb
14
vulnerability VCID-pa7y-gpwp-6qgj
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-qy1a-x3ff-4bc8
17
vulnerability VCID-r1vx-vv7d-gqaj
18
vulnerability VCID-rqqc-ta7c-ykgx
19
vulnerability VCID-shch-yusm-1uck
20
vulnerability VCID-shjc-2j68-2yfy
21
vulnerability VCID-tktt-vg92-6kae
22
vulnerability VCID-tuqc-c251-h7ds
23
vulnerability VCID-ud73-4t2c-n3at
24
vulnerability VCID-wa3g-27sx-mbcw
25
vulnerability VCID-whgc-pt2s-77ar
26
vulnerability VCID-xcmd-18ck-gqae
27
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14
1
url pkg:pypi/django@5.0.7
purl pkg:pypi/django@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-e12b-tw2c-53c9
2
vulnerability VCID-hsjn-xnpp-5yeh
3
vulnerability VCID-jgv9-vdbm-sycd
4
vulnerability VCID-pa7y-gpwp-6qgj
5
vulnerability VCID-qw15-2kq7-wqed
6
vulnerability VCID-qy1a-x3ff-4bc8
7
vulnerability VCID-rqqc-ta7c-ykgx
8
vulnerability VCID-ud73-4t2c-n3at
9
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7
aliases CVE-2024-39329, PYSEC-2024-57
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgq9-s6th-yufg
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14