Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@5.0.10
Typepypi
Namespace
Namedjango
Version5.0.10
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.14
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-pa7y-gpwp-6qgj
vulnerability_id VCID-pa7y-gpwp-6qgj
summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/01/14/2
fixed_packages
0
url pkg:pypi/django@5.0.11
purl pkg:pypi/django@5.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
1
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11
1
url pkg:pypi/django@5.1.5
purl pkg:pypi/django@5.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-qy1a-x3ff-4bc8
8
vulnerability VCID-whgc-pt2s-77ar
9
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5
aliases CVE-2024-56374, PYSEC-2025-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj
1
url VCID-qw15-2kq7-wqed
vulnerability_id VCID-qw15-2kq7-wqed
summary An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/04/02/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/04/02/2
fixed_packages
0
url pkg:pypi/django@5.0.14
purl pkg:pypi/django@5.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14
1
url pkg:pypi/django@5.1.8
purl pkg:pypi/django@5.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-whgc-pt2s-77ar
7
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8
aliases CVE-2025-27556, PYSEC-2025-14
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qw15-2kq7-wqed
2
url VCID-qy1a-x3ff-4bc8
vulnerability_id VCID-qy1a-x3ff-4bc8
summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
3
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
4
reference_url http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/03/06/12
fixed_packages
0
url pkg:pypi/django@5.0.13
purl pkg:pypi/django@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qw15-2kq7-wqed
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13
1
url pkg:pypi/django@5.1.7
purl pkg:pypi/django@5.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-qw15-2kq7-wqed
7
vulnerability VCID-whgc-pt2s-77ar
8
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7
aliases CVE-2025-26699, PYSEC-2025-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8
Fixing_vulnerabilities
0
url VCID-2ft7-rbey-kuhx
vulnerability_id VCID-2ft7-rbey-kuhx
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@4.2.17
purl pkg:pypi/django@4.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-pa7y-gpwp-6qgj
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-qy1a-x3ff-4bc8
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17
1
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
2
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53908, PYSEC-2024-157
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft7-rbey-kuhx
1
url VCID-ud73-4t2c-n3at
vulnerability_id VCID-ud73-4t2c-n3at
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
3
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2024/12/04/3
fixed_packages
0
url pkg:pypi/django@4.2.17
purl pkg:pypi/django@4.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-9kvc-1bdz-n3bd
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-pa7y-gpwp-6qgj
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-qy1a-x3ff-4bc8
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17
1
url pkg:pypi/django@5.0.10
purl pkg:pypi/django@5.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pa7y-gpwp-6qgj
1
vulnerability VCID-qw15-2kq7-wqed
2
vulnerability VCID-qy1a-x3ff-4bc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10
2
url pkg:pypi/django@5.1.4
purl pkg:pypi/django@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-9kvc-1bdz-n3bd
3
vulnerability VCID-bb8b-hq41-s7a6
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-whgc-pt2s-77ar
10
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4
aliases CVE-2024-53907, PYSEC-2024-156
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10