Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/42456?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/42456?format=api", "purl": "pkg:pypi/django@4.2.16", "type": "pypi", "namespace": "", "name": "django", "version": "4.2.16", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.2.30", "latest_non_vulnerable_version": "6.0.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9286?format=api", "vulnerability_id": "VCID-1umb-2rxg-bbdk", "summary": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77711", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53907" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53907" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329288", "reference_id": "2329288", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329288" }, { "reference_url": "https://github.com/advisories/GHSA-8498-2h75-472j", "reference_id": "GHSA-8498-2h75-472j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8498-2h75-472j" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11144", "reference_id": "RHSA-2024:11144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11146", "reference_id": "RHSA-2024:11146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0340", "reference_id": "RHSA-2025:0340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0777", "reference_id": "RHSA-2025:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0777" }, { "reference_url": "https://usn.ubuntu.com/7136-1/", "reference_id": "USN-7136-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7136-1/" }, { "reference_url": "https://usn.ubuntu.com/7136-2/", "reference_id": "USN-7136-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7136-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43093?format=api", "purl": "pkg:pypi/django@4.2.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/43092?format=api", "purl": "pkg:pypi/django@5.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/43091?format=api", "purl": "pkg:pypi/django@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4" } ], "aliases": [ "BIT-django-2024-53907", "CVE-2024-53907", "GHSA-8498-2h75-472j", "PYSEC-2024-156" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1umb-2rxg-bbdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9603?format=api", "vulnerability_id": "VCID-32d1-b8f2-hud5", "summary": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\nASGI requests with a missing or understated `Content-Length` header could\nbypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when reading\n`HttpRequest.body`, allowing remote attackers to load an unbounded request body into\nmemory.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Superior for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10784", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33034" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:43:43Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:43:43Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33034", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33034" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:43:43Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455927", "reference_id": "2455927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455927" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48114?format=api", "purl": "pkg:pypi/django@4.2.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/48115?format=api", "purl": "pkg:pypi/django@5.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/48116?format=api", "purl": "pkg:pypi/django@6.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4" } ], "aliases": [ "BIT-django-2026-33034", "CVE-2026-33034", "GHSA-933h-hp56-hf7m", "PYSEC-2026-49" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32d1-b8f2-hud5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9487?format=api", "vulnerability_id": "VCID-3d6k-rdsh-k7hm", "summary": "An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.\n`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Stackered for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00331", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13372" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf" }, { "reference_url": "https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0" }, { "reference_url": "https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e" }, { "reference_url": "https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355" }, { "reference_url": "https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788", "reference_id": "1121788", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418372", "reference_id": "2418372", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418372" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13372", "reference_id": "CVE-2025-13372", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13372" }, { "reference_url": "https://github.com/advisories/GHSA-rqw2-ghq9-44m7", "reference_id": "GHSA-rqw2-ghq9-44m7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rqw2-ghq9-44m7" }, { "reference_url": "https://usn.ubuntu.com/7903-1/", "reference_id": "USN-7903-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7903-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45494?format=api", "purl": "pkg:pypi/django@4.2.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/45495?format=api", "purl": "pkg:pypi/django@5.1.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/45496?format=api", "purl": "pkg:pypi/django@5.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9" } ], "aliases": [ "BIT-django-2025-13372", "CVE-2025-13372", "GHSA-rqw2-ghq9-44m7", "PYSEC-2025-104" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3d6k-rdsh-k7hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9287?format=api", "vulnerability_id": "VCID-4vry-9jdm-nyg9", "summary": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76454", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53908" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53908", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53908" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329287", "reference_id": "2329287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329287" }, { "reference_url": "https://github.com/advisories/GHSA-m9g8-fxxm-xg86", "reference_id": "GHSA-m9g8-fxxm-xg86", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m9g8-fxxm-xg86" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11144", "reference_id": "RHSA-2024:11144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11146", "reference_id": "RHSA-2024:11146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0340", "reference_id": "RHSA-2025:0340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0721", "reference_id": "RHSA-2025:0721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0721" }, { "reference_url": "https://usn.ubuntu.com/7136-1/", "reference_id": "USN-7136-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7136-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43093?format=api", "purl": "pkg:pypi/django@4.2.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/43092?format=api", "purl": "pkg:pypi/django@5.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/43091?format=api", "purl": "pkg:pypi/django@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4" } ], "aliases": [ "BIT-django-2024-53908", "CVE-2024-53908", "GHSA-m9g8-fxxm-xg86", "PYSEC-2024-157" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vry-9jdm-nyg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9532?format=api", "vulnerability_id": "VCID-5fbx-3yfb-fudx", "summary": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\nThe `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Stackered for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11039", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13473" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436343", "reference_id": "2436343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436343" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13473", "reference_id": "CVE-2025-13473", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13473" }, { "reference_url": "https://github.com/advisories/GHSA-2mcm-79hx-8fxw", "reference_id": "GHSA-2mcm-79hx-8fxw", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2mcm-79hx-8fxw" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46120?format=api", "purl": "pkg:pypi/django@4.2.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/46121?format=api", "purl": "pkg:pypi/django@5.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/46122?format=api", "purl": "pkg:pypi/django@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2" } ], "aliases": [ "BIT-django-2025-13473", "CVE-2025-13473", "GHSA-2mcm-79hx-8fxw", "PYSEC-2026-42" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5fbx-3yfb-fudx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9536?format=api", "vulnerability_id": "VCID-62jv-ab6d-sqdb", "summary": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Solomon Kebede for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01598", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1287" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436339", "reference_id": "2436339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436339" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287", "reference_id": "CVE-2026-1287", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287" }, { "reference_url": "https://github.com/advisories/GHSA-gvg8-93h5-g6qq", "reference_id": "GHSA-gvg8-93h5-g6qq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvg8-93h5-g6qq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14835", "reference_id": "RHSA-2026:14835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694", "reference_id": "RHSA-2026:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3958", "reference_id": "RHSA-2026:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3959", "reference_id": "RHSA-2026:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3960", "reference_id": "RHSA-2026:3960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3962", "reference_id": "RHSA-2026:3962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6291", "reference_id": "RHSA-2026:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6291" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46120?format=api", "purl": "pkg:pypi/django@4.2.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/46121?format=api", "purl": "pkg:pypi/django@5.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/46122?format=api", "purl": "pkg:pypi/django@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2" } ], "aliases": [ "BIT-django-2026-1287", "CVE-2026-1287", "GHSA-gvg8-93h5-g6qq", "PYSEC-2026-46" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-62jv-ab6d-sqdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9602?format=api", "vulnerability_id": "VCID-63c7-mkxw-ufav", "summary": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\n`MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15551", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33033" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:21:08Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:21:08Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33033", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33033" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:21:08Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455962", "reference_id": "2455962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455962" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" }, { "reference_url": "https://usn.ubuntu.com/8154-2/", "reference_id": "USN-8154-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48114?format=api", "purl": "pkg:pypi/django@4.2.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/48115?format=api", "purl": "pkg:pypi/django@5.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/48116?format=api", "purl": "pkg:pypi/django@6.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4" } ], "aliases": [ "BIT-django-2026-33033", "CVE-2026-33033", "GHSA-5mf9-h53q-7mhq", "PYSEC-2026-48" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63c7-mkxw-ufav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9488?format=api", "vulnerability_id": "VCID-7jbt-5zw2-vff2", "summary": "An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.\nAlgorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20956", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b" }, { "reference_url": "https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5" }, { "reference_url": "https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0" }, { "reference_url": "https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788", "reference_id": "1121788", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366", "reference_id": "2418366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460", "reference_id": "CVE-2025-64460", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460" }, { "reference_url": "https://github.com/advisories/GHSA-vrcr-9hj9-jcg6", "reference_id": "GHSA-vrcr-9hj9-jcg6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vrcr-9hj9-jcg6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1249", "reference_id": "RHSA-2026:1249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1497", "reference_id": "RHSA-2026:1497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1506", "reference_id": "RHSA-2026:1506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1599", "reference_id": "RHSA-2026:1599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1609", "reference_id": "RHSA-2026:1609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1609" }, { "reference_url": "https://usn.ubuntu.com/7903-1/", "reference_id": "USN-7903-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7903-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45494?format=api", "purl": "pkg:pypi/django@4.2.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/45495?format=api", "purl": "pkg:pypi/django@5.1.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/45496?format=api", "purl": "pkg:pypi/django@5.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9" } ], "aliases": [ "BIT-django-2025-64460", "CVE-2025-64460", "GHSA-vrcr-9hj9-jcg6", "PYSEC-2025-109" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jbt-5zw2-vff2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9533?format=api", "vulnerability_id": "VCID-92bp-6kte-tyfs", "summary": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Jiyong Yang for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19503", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14550" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436341", "reference_id": "2436341", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436341" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550", "reference_id": "CVE-2025-14550", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550" }, { "reference_url": "https://github.com/advisories/GHSA-33mw-q7rj-mjwj", "reference_id": "GHSA-33mw-q7rj-mjwj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33mw-q7rj-mjwj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13508", "reference_id": "RHSA-2026:13508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14835", "reference_id": "RHSA-2026:14835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694", "reference_id": "RHSA-2026:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3958", "reference_id": "RHSA-2026:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3959", "reference_id": "RHSA-2026:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6291", "reference_id": "RHSA-2026:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6291" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46120?format=api", "purl": "pkg:pypi/django@4.2.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/46121?format=api", "purl": "pkg:pypi/django@5.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/46122?format=api", "purl": "pkg:pypi/django@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2" } ], "aliases": [ "BIT-django-2025-14550", "CVE-2025-14550", "GHSA-33mw-q7rj-mjwj", "PYSEC-2026-43" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92bp-6kte-tyfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9475?format=api", "vulnerability_id": "VCID-9udu-eqvn-mqbj", "summary": "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nNFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07194", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64458" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242" }, { "reference_url": "https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac" }, { "reference_url": "https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f" }, { "reference_url": "https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412649", "reference_id": "2412649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64458", "reference_id": "CVE-2025-64458", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64458" }, { "reference_url": "https://github.com/advisories/GHSA-qw25-v68c-qjf3", "reference_id": "GHSA-qw25-v68c-qjf3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qw25-v68c-qjf3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45324?format=api", "purl": "pkg:pypi/django@4.2.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/45325?format=api", "purl": "pkg:pypi/django@5.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/45326?format=api", "purl": "pkg:pypi/django@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8" } ], "aliases": [ "BIT-django-2025-64458", "CVE-2025-64458", "GHSA-qw25-v68c-qjf3", "PYSEC-2025-107" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9udu-eqvn-mqbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9440?format=api", "vulnerability_id": "VCID-ax7m-uv4s-zkc1", "summary": "An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17327", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5" }, { "reference_url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92" }, { "reference_url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html" }, { "reference_url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/09/03/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/09/03/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865", "reference_id": "1113865", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990", "reference_id": "2392990", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990" }, { "reference_url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w", "reference_id": "GHSA-6w2r-r2m5-xq5w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16403", "reference_id": "RHSA-2025:16403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16404", "reference_id": "RHSA-2025:16404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16514", "reference_id": "RHSA-2025:16514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17498", "reference_id": "RHSA-2025:17498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17499", "reference_id": "RHSA-2025:17499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17500", "reference_id": "RHSA-2025:17500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17606", "reference_id": "RHSA-2025:17606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17613", "reference_id": "RHSA-2025:17613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17614", "reference_id": "RHSA-2025:17614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17614" }, { "reference_url": "https://usn.ubuntu.com/7736-1/", "reference_id": "USN-7736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45196?format=api", "purl": "pkg:pypi/django@4.2.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/45197?format=api", "purl": "pkg:pypi/django@5.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/45198?format=api", "purl": "pkg:pypi/django@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6" } ], "aliases": [ "BIT-django-2025-57833", "CVE-2025-57833", "GHSA-6w2r-r2m5-xq5w", "PYSEC-2025-105" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax7m-uv4s-zkc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9535?format=api", "vulnerability_id": "VCID-cbsj-1qqg-1ba6", "summary": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20962", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1285" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436340", "reference_id": "2436340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436340" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285", "reference_id": "CVE-2026-1285", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285" }, { "reference_url": "https://github.com/advisories/GHSA-4rrr-2h4v-f3j9", "reference_id": "GHSA-4rrr-2h4v-f3j9", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4rrr-2h4v-f3j9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14835", "reference_id": "RHSA-2026:14835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694", "reference_id": "RHSA-2026:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3958", "reference_id": "RHSA-2026:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3959", "reference_id": "RHSA-2026:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6291", "reference_id": "RHSA-2026:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6291" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46120?format=api", "purl": "pkg:pypi/django@4.2.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/46121?format=api", "purl": "pkg:pypi/django@5.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/46122?format=api", "purl": "pkg:pypi/django@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2" } ], "aliases": [ "BIT-django-2026-1285", "CVE-2026-1285", "GHSA-4rrr-2h4v-f3j9", "PYSEC-2026-45" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbsj-1qqg-1ba6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9606?format=api", "vulnerability_id": "VCID-cg44-thdw-cygg", "summary": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\nAdmin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new\ninstances to be created via forged `POST` data.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Cantina for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02704", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4292" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:12:50Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:12:50Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4292", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4292" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:12:50Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455941", "reference_id": "2455941", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455941" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" }, { "reference_url": "https://usn.ubuntu.com/8154-2/", "reference_id": "USN-8154-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48114?format=api", "purl": "pkg:pypi/django@4.2.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/48115?format=api", "purl": "pkg:pypi/django@5.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/48116?format=api", "purl": "pkg:pypi/django@6.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4" } ], "aliases": [ "BIT-django-2026-4292", "CVE-2026-4292", "GHSA-mmwr-2jhp-mc7j", "PYSEC-2026-53" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cg44-thdw-cygg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9294?format=api", "vulnerability_id": "VCID-chey-b3c1-pbe5", "summary": "An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24578", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56374" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe" }, { "reference_url": "https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e" }, { "reference_url": "https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf" }, { "reference_url": "https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56374" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/01/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/01/14/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049", "reference_id": "1093049", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337996", "reference_id": "2337996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337996" }, { "reference_url": "https://github.com/advisories/GHSA-qcgg-j2x8-h9g8", "reference_id": "GHSA-qcgg-j2x8-h9g8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qcgg-j2x8-h9g8" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0722", "reference_id": "RHSA-2025:0722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0777", "reference_id": "RHSA-2025:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0782", "reference_id": "RHSA-2025:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2399", "reference_id": "RHSA-2025:2399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4576", "reference_id": "RHSA-2025:4576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4576" }, { "reference_url": "https://usn.ubuntu.com/7205-1/", "reference_id": "USN-7205-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7205-1/" }, { "reference_url": "https://usn.ubuntu.com/7205-2/", "reference_id": "USN-7205-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7205-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43227?format=api", "purl": "pkg:pypi/django@4.2.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/43226?format=api", "purl": "pkg:pypi/django@5.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/43225?format=api", "purl": "pkg:pypi/django@5.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5" } ], "aliases": [ "BIT-django-2024-56374", "CVE-2024-56374", "GHSA-qcgg-j2x8-h9g8", "PYSEC-2025-1" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chey-b3c1-pbe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5021?format=api", "vulnerability_id": "VCID-em3c-ceug-cubp", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40408", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32873" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32873" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/may/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/may/07/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/may/07/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/may/07/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/05/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/05/07/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872", "reference_id": "1104872", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364980", "reference_id": "2364980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364980" }, { "reference_url": "https://security.archlinux.org/ASA-202505-10", "reference_id": "ASA-202505-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-10" }, { "reference_url": "https://security.archlinux.org/AVG-2876", "reference_id": "AVG-2876", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2876" }, { "reference_url": "https://github.com/advisories/GHSA-8j24-cjrq-gr2m", "reference_id": "GHSA-8j24-cjrq-gr2m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8j24-cjrq-gr2m" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://usn.ubuntu.com/7501-1/", "reference_id": "USN-7501-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7501-1/" }, { "reference_url": "https://usn.ubuntu.com/7501-2/", "reference_id": "USN-7501-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7501-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43932?format=api", "purl": "pkg:pypi/django@4.2.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/43933?format=api", "purl": "pkg:pypi/django@5.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/43934?format=api", "purl": "pkg:pypi/django@5.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.1" } ], "aliases": [ "BIT-django-2025-32873", "CVE-2025-32873", "GHSA-8j24-cjrq-gr2m", "PYSEC-2025-37" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-em3c-ceug-cubp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9537?format=api", "vulnerability_id": "VCID-enen-3w2h-g3b8", "summary": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Solomon Kebede for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01598", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1312" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84" }, { "reference_url": "https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436342", "reference_id": "2436342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436342" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312", "reference_id": "CVE-2026-1312", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312" }, { "reference_url": "https://github.com/advisories/GHSA-6426-9fv3-65x8", "reference_id": "GHSA-6426-9fv3-65x8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6426-9fv3-65x8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14835", "reference_id": "RHSA-2026:14835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694", "reference_id": "RHSA-2026:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3958", "reference_id": "RHSA-2026:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3959", "reference_id": "RHSA-2026:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3960", "reference_id": "RHSA-2026:3960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3962", "reference_id": "RHSA-2026:3962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6291", "reference_id": "RHSA-2026:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6291" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46120?format=api", "purl": "pkg:pypi/django@4.2.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/46121?format=api", "purl": "pkg:pypi/django@5.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/46122?format=api", "purl": "pkg:pypi/django@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2" } ], "aliases": [ "BIT-django-2026-1312", "CVE-2026-1312", "GHSA-6426-9fv3-65x8", "PYSEC-2026-47" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-enen-3w2h-g3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6372?format=api", "vulnerability_id": "VCID-fbee-vj2y-cfeb", "summary": "content spoofing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.6171", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/04/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/04/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282", "reference_id": "1107282", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365", "reference_id": "2370365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365" }, { "reference_url": "https://security.archlinux.org/ASA-202506-6", "reference_id": "ASA-202506-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202506-6" }, { "reference_url": "https://security.archlinux.org/AVG-2894", "reference_id": "AVG-2894", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2894" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/", "reference_id": "bugfix-releases", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/" }, { "reference_url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9", "reference_id": "GHSA-7xr5-9hcq-chf9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14686", "reference_id": "RHSA-2025:14686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://usn.ubuntu.com/7555-1/", "reference_id": "USN-7555-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7555-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44195?format=api", "purl": "pkg:pypi/django@4.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/44194?format=api", "purl": "pkg:pypi/django@5.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/44193?format=api", "purl": "pkg:pypi/django@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2" } ], "aliases": [ "BIT-django-2025-48432", "CVE-2025-48432", "GHSA-7xr5-9hcq-chf9", "PYSEC-2025-47" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fbee-vj2y-cfeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9605?format=api", "vulnerability_id": "VCID-heum-8mwz-sbcw", "summary": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\nAdd permissions on inline model instances were not validated on submission of\nforged `POST` data in `GenericInlineModelAdmin`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank N05ec@LZU-DSLab for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0645", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4277" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4277", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4277" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455939", "reference_id": "2455939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455939" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" }, { "reference_url": "https://usn.ubuntu.com/8154-2/", "reference_id": "USN-8154-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48114?format=api", "purl": "pkg:pypi/django@4.2.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/48115?format=api", "purl": "pkg:pypi/django@5.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/48116?format=api", "purl": "pkg:pypi/django@6.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4" } ], "aliases": [ "BIT-django-2026-4277", "CVE-2026-4277", "GHSA-pwjp-ccjc-ghwg", "PYSEC-2026-52" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-heum-8mwz-sbcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9604?format=api", "vulnerability_id": "VCID-j2uz-w2ur-7ud4", "summary": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\n`ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Tarek Nakkouch for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.04025", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3902" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:14:03Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:14:03Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3902", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3902" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:14:03Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/apr/07/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927", "reference_id": "1132927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455935", "reference_id": "2455935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455935" }, { "reference_url": "https://usn.ubuntu.com/8154-1/", "reference_id": "USN-8154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8154-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48114?format=api", "purl": "pkg:pypi/django@4.2.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/48115?format=api", "purl": "pkg:pypi/django@5.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/48116?format=api", "purl": "pkg:pypi/django@6.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-g22z-jue5-8udz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4" } ], "aliases": [ "BIT-django-2026-3902", "CVE-2026-3902", "GHSA-mvfq-ggxm-9mc5", "PYSEC-2026-51" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2uz-w2ur-7ud4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9534?format=api", "vulnerability_id": "VCID-jma1-9ags-xbfm", "summary": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\nRaster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Tarek Nakkouch for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05295", "scoring_system": "epss", "scoring_elements": "0.90167", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1207" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/" } ], "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914", "reference_id": "1126914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436338", "reference_id": "2436338", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436338" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207", "reference_id": "CVE-2026-1207", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207" }, { "reference_url": "https://github.com/advisories/GHSA-mwm9-4648-f68q", "reference_id": "GHSA-mwm9-4648-f68q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwm9-4648-f68q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14835", "reference_id": "RHSA-2026:14835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694", "reference_id": "RHSA-2026:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3958", "reference_id": "RHSA-2026:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3959", "reference_id": "RHSA-2026:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3960", "reference_id": "RHSA-2026:3960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3962", "reference_id": "RHSA-2026:3962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6291", "reference_id": "RHSA-2026:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6291" }, { "reference_url": "https://usn.ubuntu.com/8009-1/", "reference_id": "USN-8009-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8009-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46120?format=api", "purl": "pkg:pypi/django@4.2.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/46121?format=api", "purl": "pkg:pypi/django@5.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/46122?format=api", "purl": "pkg:pypi/django@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2" } ], "aliases": [ "BIT-django-2026-1207", "CVE-2026-1207", "GHSA-mwm9-4648-f68q", "PYSEC-2026-44" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jma1-9ags-xbfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9320?format=api", "vulnerability_id": "VCID-nyc2-p1rp-xkb4", "summary": "An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52366", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26699" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26699" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/03/06/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/03/06/12" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682", "reference_id": "1099682", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348993", "reference_id": "2348993", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348993" }, { "reference_url": "https://github.com/advisories/GHSA-p3fp-8748-vqfq", "reference_id": "GHSA-p3fp-8748-vqfq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p3fp-8748-vqfq" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3160", "reference_id": "RHSA-2025:3160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3162", "reference_id": "RHSA-2025:3162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3709", "reference_id": "RHSA-2025:3709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4553", "reference_id": "RHSA-2025:4553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8609", "reference_id": "RHSA-2025:8609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8609" }, { "reference_url": "https://usn.ubuntu.com/7335-1/", "reference_id": "USN-7335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7335-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43496?format=api", "purl": "pkg:pypi/django@4.2.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/43495?format=api", "purl": "pkg:pypi/django@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3e2-se1v-2yb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/43494?format=api", "purl": "pkg:pypi/django@5.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7" } ], "aliases": [ "BIT-django-2025-26699", "CVE-2025-26699", "GHSA-p3fp-8748-vqfq", "PYSEC-2025-13" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyc2-p1rp-xkb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9476?format=api", "vulnerability_id": "VCID-u15a-4ste-43cy", "summary": "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49195", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85" }, { "reference_url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4" }, { "reference_url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b" }, { "reference_url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241" }, { "reference_url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139", "reference_id": "1120139", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651", "reference_id": "2412651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py", "reference_id": "CVE-2025-64459", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459", "reference_id": "CVE-2025-64459", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459" }, { "reference_url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr", "reference_id": "GHSA-frmv-pr5f-9mcr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23069", "reference_id": "RHSA-2025:23069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23070", "reference_id": "RHSA-2025:23070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23130", "reference_id": "RHSA-2025:23130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23131", "reference_id": "RHSA-2025:23131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23133", "reference_id": "RHSA-2025:23133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23196", "reference_id": "RHSA-2025:23196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1596", "reference_id": "RHSA-2026:1596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1596" }, { "reference_url": "https://usn.ubuntu.com/7859-1/", "reference_id": "USN-7859-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7859-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45324?format=api", "purl": "pkg:pypi/django@4.2.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/45325?format=api", "purl": "pkg:pypi/django@5.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/45326?format=api", "purl": "pkg:pypi/django@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8" } ], "aliases": [ "BIT-django-2025-64459", "CVE-2025-64459", "GHSA-frmv-pr5f-9mcr", "PYSEC-2025-108" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u15a-4ste-43cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9464?format=api", "vulnerability_id": "VCID-vpgq-jhzc-j7h2", "summary": "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02764", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59681" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a" }, { "reference_url": "https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/01/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/01/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979", "reference_id": "1116979", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400449", "reference_id": "2400449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400449" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59681", "reference_id": "CVE-2025-59681", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59681" }, { "reference_url": "https://github.com/advisories/GHSA-hpr9-3m2g-3j9p", "reference_id": "GHSA-hpr9-3m2g-3j9p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hpr9-3m2g-3j9p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18984", "reference_id": "RHSA-2025:18984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23196", "reference_id": "RHSA-2025:23196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23196" }, { "reference_url": "https://usn.ubuntu.com/7794-1/", "reference_id": "USN-7794-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7794-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45264?format=api", "purl": "pkg:pypi/django@4.2.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-u15a-4ste-43cy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/45265?format=api", "purl": "pkg:pypi/django@5.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-u15a-4ste-43cy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/45266?format=api", "purl": "pkg:pypi/django@5.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3ccr-92q5-aqfk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-92z2-3rbz-77h9" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-g22z-jue5-8udz" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-u15a-4ste-43cy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.7" } ], "aliases": [ "BIT-django-2025-59681", "CVE-2025-59681", "GHSA-hpr9-3m2g-3j9p", "PYSEC-2025-106" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpgq-jhzc-j7h2" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264200?format=api", "vulnerability_id": "VCID-ax42-esfz-vud2", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46478", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca" }, { "reference_url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2" }, { "reference_url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496", "reference_id": "2314496", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231", "reference_id": "CVE-2024-45231", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231" }, { "reference_url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv", "reference_id": "GHSA-rrqc-c2jx-6jgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://usn.ubuntu.com/6987-1/", "reference_id": "USN-6987-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6987-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42456?format=api", "purl": "pkg:pypi/django@4.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/42455?format=api", "purl": "pkg:pypi/django@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/42454?format=api", "purl": "pkg:pypi/django@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1" } ], "aliases": [ "CVE-2024-45231", "GHSA-rrqc-c2jx-6jgv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax42-esfz-vud2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9220?format=api", "vulnerability_id": "VCID-jt9m-kd3k-uqca", "summary": "An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.86191", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45230" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397" }, { "reference_url": "https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b" }, { "reference_url": "https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314485", "reference_id": "2314485", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314485" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45230", "reference_id": "CVE-2024-45230", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45230" }, { "reference_url": "https://github.com/advisories/GHSA-5hgc-2vfp-mqvc", "reference_id": "GHSA-5hgc-2vfp-mqvc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hgc-2vfp-mqvc" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8534", "reference_id": "RHSA-2024:8534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8534" }, { "reference_url": "https://usn.ubuntu.com/6987-1/", "reference_id": "USN-6987-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6987-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42456?format=api", "purl": "pkg:pypi/django@4.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/42455?format=api", "purl": "pkg:pypi/django@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/42454?format=api", "purl": "pkg:pypi/django@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1" } ], "aliases": [ "BIT-django-2024-45230", "CVE-2024-45230", "GHSA-5hgc-2vfp-mqvc", "PYSEC-2024-102" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jt9m-kd3k-uqca" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16" }