Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@5.1.10
Typepypi
Namespace
Namedjango
Version5.1.10
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.1.15
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-5xtt-au84-zbb2
vulnerability_id VCID-5xtt-au84-zbb2
summary An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
reference_id
reference_type
scores
url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
4
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
5
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
6
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
7
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
8
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2025/10/01/3
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
reference_id CVE-2025-59681
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
10
reference_url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
reference_id GHSA-hpr9-3m2g-3j9p
reference_type
scores
url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
fixed_packages
0
url pkg:pypi/django@5.1.13
purl pkg:pypi/django@5.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c5n-nzwk-v7bz
1
vulnerability VCID-fcg9-xypn-ykhf
2
vulnerability VCID-ga69-9y5g-77c3
3
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.13
1
url pkg:pypi/django@5.2.7
purl pkg:pypi/django@5.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-ga7z-wj4j-63h1
7
vulnerability VCID-jybd-p65h-xffy
8
vulnerability VCID-kxdd-yzp3-r7cb
9
vulnerability VCID-m4am-h2ea-3ffr
10
vulnerability VCID-phkp-9abp-f3dq
11
vulnerability VCID-r1vx-vv7d-gqaj
12
vulnerability VCID-shch-yusm-1uck
13
vulnerability VCID-shjc-2j68-2yfy
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-wa3g-27sx-mbcw
17
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.7
aliases CVE-2025-59681, GHSA-hpr9-3m2g-3j9p, PYSEC-2025-106
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xtt-au84-zbb2
1
url VCID-7c5n-nzwk-v7bz
vulnerability_id VCID-7c5n-nzwk-v7bz
summary 
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
reference_id
reference_type
scores
url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
4
reference_url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
reference_id
reference_type
scores
url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
5
reference_url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
reference_id
reference_type
scores
url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
6
reference_url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
reference_id
reference_type
scores
url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
7
reference_url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://groups.google.com/g/django-announce
9
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
10
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
reference_id CVE-2025-13372
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
12
reference_url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
reference_id GHSA-rqw2-ghq9-44m7
reference_type
scores
url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
fixed_packages
0
url pkg:pypi/django@5.1.15
purl pkg:pypi/django@5.1.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15
1
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
aliases CVE-2025-13372, GHSA-rqw2-ghq9-44m7, PYSEC-2025-104
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c5n-nzwk-v7bz
2
url VCID-fcg9-xypn-ykhf
vulnerability_id VCID-fcg9-xypn-ykhf
summary 
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
reference_id
reference_type
scores
url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
4
reference_url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
reference_id
reference_type
scores
url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
5
reference_url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
reference_id
reference_type
scores
url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
6
reference_url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
reference_id
reference_type
scores
url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
9
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
reference_id CVE-2025-64460
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
11
reference_url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
reference_id GHSA-vrcr-9hj9-jcg6
reference_type
scores
url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
fixed_packages
0
url pkg:pypi/django@5.1.15
purl pkg:pypi/django@5.1.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.15
1
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
aliases CVE-2025-64460, GHSA-vrcr-9hj9-jcg6, PYSEC-2025-109
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcg9-xypn-ykhf
3
url VCID-ga69-9y5g-77c3
vulnerability_id VCID-ga69-9y5g-77c3
summary 
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect`  were subject to a potential  denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
reference_id
reference_type
scores
url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
4
reference_url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
reference_id
reference_type
scores
url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
5
reference_url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
reference_id
reference_type
scores
url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
6
reference_url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
reference_id
reference_type
scores
url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://groups.google.com/g/django-announce
8
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
9
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
reference_id CVE-2025-64458
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
11
reference_url https://github.com/advisories/GHSA-qw25-v68c-qjf3
reference_id GHSA-qw25-v68c-qjf3
reference_type
scores
url https://github.com/advisories/GHSA-qw25-v68c-qjf3
fixed_packages
0
url pkg:pypi/django@5.1.14
purl pkg:pypi/django@5.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c5n-nzwk-v7bz
1
vulnerability VCID-fcg9-xypn-ykhf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14
1
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-m4am-h2ea-3ffr
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
aliases CVE-2025-64458, GHSA-qw25-v68c-qjf3, PYSEC-2025-107
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ga69-9y5g-77c3
4
url VCID-whgc-pt2s-77ar
vulnerability_id VCID-whgc-pt2s-77ar
summary 
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
reference_id
reference_type
scores
url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
4
reference_url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
reference_id
reference_type
scores
url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
5
reference_url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
reference_id
reference_type
scores
url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
6
reference_url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
reference_id
reference_type
scores
url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
7
reference_url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
reference_id
reference_type
scores
url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://groups.google.com/g/django-announce
9
reference_url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
10
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
11
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
reference_id CVE-2025-64459
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
13
reference_url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
reference_id GHSA-frmv-pr5f-9mcr
reference_type
scores
url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
fixed_packages
0
url pkg:pypi/django@5.1.14
purl pkg:pypi/django@5.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c5n-nzwk-v7bz
1
vulnerability VCID-fcg9-xypn-ykhf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14
1
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-m4am-h2ea-3ffr
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
aliases CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whgc-pt2s-77ar
5
url VCID-ynt9-h6ww-h7e9
vulnerability_id VCID-ynt9-h6ww-h7e9
summary An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/g/django-announce
2
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
3
reference_url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
4
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
5
reference_url http://www.openwall.com/lists/oss-security/2025/09/03/3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2025/09/03/3
fixed_packages
0
url pkg:pypi/django@5.1.12
purl pkg:pypi/django@5.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga69-9y5g-77c3
4
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12
1
url pkg:pypi/django@5.2.6
purl pkg:pypi/django@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6
aliases CVE-2025-57833, PYSEC-2025-105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynt9-h6ww-h7e9
Fixing_vulnerabilities
0
url VCID-bb8b-hq41-s7a6
vulnerability_id VCID-bb8b-hq41-s7a6
summary An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
3
reference_url http://www.openwall.com/lists/oss-security/2025/06/04/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/06/04/5
fixed_packages
0
url pkg:pypi/django@4.2.22
purl pkg:pypi/django@4.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-fcg9-xypn-ykhf
4
vulnerability VCID-ga69-9y5g-77c3
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-phkp-9abp-f3dq
9
vulnerability VCID-r1vx-vv7d-gqaj
10
vulnerability VCID-shch-yusm-1uck
11
vulnerability VCID-shjc-2j68-2yfy
12
vulnerability VCID-tktt-vg92-6kae
13
vulnerability VCID-tuqc-c251-h7ds
14
vulnerability VCID-wa3g-27sx-mbcw
15
vulnerability VCID-whgc-pt2s-77ar
16
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22
1
url pkg:pypi/django@5.1.10
purl pkg:pypi/django@5.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xtt-au84-zbb2
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-fcg9-xypn-ykhf
3
vulnerability VCID-ga69-9y5g-77c3
4
vulnerability VCID-whgc-pt2s-77ar
5
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10
2
url pkg:pypi/django@5.2.2
purl pkg:pypi/django@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2
aliases CVE-2025-48432, PYSEC-2025-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb8b-hq41-s7a6
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10