Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/47740?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/47740?format=api", "purl": "pkg:pypi/django@5.0.8", "type": "pypi", "namespace": "", "name": "django", "version": "5.0.8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.1.15", "latest_non_vulnerable_version": "6.0.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14585?format=api", "vulnerability_id": "VCID-3sac-ah8j-pucd", "summary": "Django SQL injection in HasKey(lhs, rhs) on Oracle\nAn issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.7171", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.71728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.71745", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.71679", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.71697", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.7167", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.71709", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.7172", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53908" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53908", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53908" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329287", "reference_id": "2329287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329287" }, { "reference_url": "https://github.com/advisories/GHSA-m9g8-fxxm-xg86", "reference_id": "GHSA-m9g8-fxxm-xg86", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9g8-fxxm-xg86" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11144", "reference_id": "RHSA-2024:11144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11146", "reference_id": "RHSA-2024:11146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0340", "reference_id": "RHSA-2025:0340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0721", "reference_id": "RHSA-2025:0721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0721" }, { "reference_url": "https://usn.ubuntu.com/7136-1/", "reference_id": "USN-7136-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7136-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51170?format=api", "purl": "pkg:pypi/django@5.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/51181?format=api", "purl": "pkg:pypi/django@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4" } ], "aliases": [ "BIT-django-2024-53908", "CVE-2024-53908", "GHSA-m9g8-fxxm-xg86", "PYSEC-2024-157" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sac-ah8j-pucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22243?format=api", "vulnerability_id": "VCID-84mm-45p6-xkau", "summary": "Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows\nAn issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nNFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05432", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05438", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05452", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0548", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05424", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05417", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05459", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07235", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64458" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242" }, { "reference_url": "https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac" }, { "reference_url": "https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f" }, { "reference_url": "https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412649", "reference_id": "2412649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64458", "reference_id": "CVE-2025-64458", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64458" }, { "reference_url": "https://github.com/advisories/GHSA-qw25-v68c-qjf3", "reference_id": "GHSA-qw25-v68c-qjf3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qw25-v68c-qjf3" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64823?format=api", "purl": "pkg:pypi/django@5.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/64822?format=api", "purl": "pkg:pypi/django@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/67632?format=api", "purl": "pkg:pypi/django@6.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1" } ], "aliases": [ "CVE-2025-64458", "GHSA-qw25-v68c-qjf3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84mm-45p6-xkau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15097?format=api", "vulnerability_id": "VCID-896g-hqec-ryb9", "summary": "An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.6146", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61439", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61423", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61377", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61407", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61378", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/04/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/04/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282", "reference_id": "1107282", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365", "reference_id": "2370365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365" }, { "reference_url": "https://security.archlinux.org/ASA-202506-6", "reference_id": "ASA-202506-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202506-6" }, { "reference_url": "https://security.archlinux.org/AVG-2894", "reference_id": "AVG-2894", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2894" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/", "reference_id": "bugfix-releases", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/" }, { "reference_url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9", "reference_id": "GHSA-7xr5-9hcq-chf9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14686", "reference_id": "RHSA-2025:14686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://usn.ubuntu.com/7555-1/", "reference_id": "USN-7555-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7555-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53117?format=api", "purl": "pkg:pypi/django@5.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/53116?format=api", "purl": "pkg:pypi/django@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2" } ], "aliases": [ "BIT-django-2025-48432", "CVE-2025-48432", "GHSA-7xr5-9hcq-chf9", "PYSEC-2025-47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22234?format=api", "vulnerability_id": "VCID-9uzd-mmyv-mfh4", "summary": "Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.\nAn issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68804", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68818", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68795", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68776", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68747", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68774", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85" }, { "reference_url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4" }, { "reference_url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b" }, { "reference_url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241" }, { "reference_url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139", "reference_id": "1120139", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651", "reference_id": "2412651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py", "reference_id": "CVE-2025-64459", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459", "reference_id": "CVE-2025-64459", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459" }, { "reference_url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr", "reference_id": "GHSA-frmv-pr5f-9mcr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23069", "reference_id": "RHSA-2025:23069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23070", "reference_id": "RHSA-2025:23070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23130", "reference_id": "RHSA-2025:23130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23131", "reference_id": "RHSA-2025:23131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23133", "reference_id": "RHSA-2025:23133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23196", "reference_id": "RHSA-2025:23196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1596", "reference_id": "RHSA-2026:1596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1596" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7859-1/", "reference_id": "USN-7859-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7859-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64823?format=api", "purl": "pkg:pypi/django@5.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/64822?format=api", "purl": "pkg:pypi/django@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/67632?format=api", "purl": "pkg:pypi/django@6.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1" } ], "aliases": [ "CVE-2025-64459", "GHSA-frmv-pr5f-9mcr" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12049?format=api", "vulnerability_id": "VCID-e2jd-yd4j-kqgt", "summary": "Django allows enumeration of user e-mail addresses\nAn issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46361", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.4635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46331", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46379", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46355", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46299", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46351", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca" }, { "reference_url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2" }, { "reference_url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496", "reference_id": "2314496", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496" }, { "reference_url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv", "reference_id": "GHSA-rrqc-c2jx-6jgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://usn.ubuntu.com/6987-1/", "reference_id": "USN-6987-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6987-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43219?format=api", "purl": "pkg:pypi/django@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/43217?format=api", "purl": "pkg:pypi/django@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1" } ], "aliases": [ "CVE-2024-45231", "GHSA-rrqc-c2jx-6jgv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14706?format=api", "vulnerability_id": "VCID-e87q-1j8h-93hh", "summary": "An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24532", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24629", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24567", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24496", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24686", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe" }, { "reference_url": "https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e" }, { "reference_url": "https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf" }, { "reference_url": "https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56374" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/01/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/01/14/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049", "reference_id": "1093049", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337996", "reference_id": "2337996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337996" }, { "reference_url": "https://github.com/advisories/GHSA-qcgg-j2x8-h9g8", "reference_id": "GHSA-qcgg-j2x8-h9g8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcgg-j2x8-h9g8" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0722", "reference_id": "RHSA-2025:0722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0777", "reference_id": "RHSA-2025:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0782", "reference_id": "RHSA-2025:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2399", "reference_id": "RHSA-2025:2399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4576", "reference_id": "RHSA-2025:4576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4576" }, { "reference_url": "https://usn.ubuntu.com/7205-1/", "reference_id": "USN-7205-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7205-1/" }, { "reference_url": "https://usn.ubuntu.com/7205-2/", "reference_id": "USN-7205-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7205-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51713?format=api", "purl": "pkg:pypi/django@5.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/51712?format=api", "purl": "pkg:pypi/django@5.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5" } ], "aliases": [ "BIT-django-2024-56374", "CVE-2024-56374", "GHSA-qcgg-j2x8-h9g8", "PYSEC-2025-1" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e87q-1j8h-93hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12524?format=api", "vulnerability_id": "VCID-mga4-an1w-qqf9", "summary": "Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters\nAn issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.8594", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85942", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85928", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85918", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85899", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.85896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.8588", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45230" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397" }, { "reference_url": "https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b" }, { "reference_url": "https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45230" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314485", "reference_id": "2314485", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314485" }, { "reference_url": "https://github.com/advisories/GHSA-5hgc-2vfp-mqvc", "reference_id": "GHSA-5hgc-2vfp-mqvc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hgc-2vfp-mqvc" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8534", "reference_id": "RHSA-2024:8534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8534" }, { "reference_url": "https://usn.ubuntu.com/6987-1/", "reference_id": "USN-6987-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6987-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43219?format=api", "purl": "pkg:pypi/django@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/43217?format=api", "purl": "pkg:pypi/django@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1" } ], "aliases": [ "BIT-django-2024-45230", "CVE-2024-45230", "GHSA-5hgc-2vfp-mqvc", "PYSEC-2024-102" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mga4-an1w-qqf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14932?format=api", "vulnerability_id": "VCID-p9fd-1qx2-8ubc", "summary": "An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27556.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27556.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3809", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38126", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38108", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3805", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3818", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38157", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.381", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27556" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T13:21:14Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd" }, { "reference_url": "https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc4821", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc4821" }, { "reference_url": "https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f1" }, { "reference_url": "https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-14.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-14.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T13:21:14Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27556", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27556" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/apr/02/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/apr/02/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/apr/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T13:21:14Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/apr/02/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/04/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/04/02/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356899", "reference_id": "2356899", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356899" }, { "reference_url": "https://github.com/advisories/GHSA-wqfg-m96j-85vm", "reference_id": "GHSA-wqfg-m96j-85vm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wqfg-m96j-85vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52375?format=api", "purl": "pkg:pypi/django@5.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/66588?format=api", "purl": "pkg:pypi/django@5.1a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52374?format=api", "purl": "pkg:pypi/django@5.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/64821?format=api", "purl": "pkg:pypi/django@5.2a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2a1" } ], "aliases": [ "BIT-django-2025-27556", "CVE-2025-27556", "GHSA-wqfg-m96j-85vm", "PYSEC-2025-14" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9fd-1qx2-8ubc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14666?format=api", "vulnerability_id": "VCID-rmdp-bnjj-zuf2", "summary": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51170?format=api", "purl": "pkg:pypi/django@5.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/51181?format=api", "purl": "pkg:pypi/django@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4" } ], "aliases": [ "PYSEC-2024-156" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rmdp-bnjj-zuf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25634?format=api", "vulnerability_id": "VCID-w4pr-k5nj-ckgy", "summary": "Django is subject to SQL injection through its column aliases\nAn issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05593", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05868", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05828", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05798", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5" }, { "reference_url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92" }, { "reference_url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html" }, { "reference_url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/09/03/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/09/03/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865", "reference_id": "1113865", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990", "reference_id": "2392990", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990" }, { "reference_url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w", "reference_id": "GHSA-6w2r-r2m5-xq5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16403", "reference_id": "RHSA-2025:16403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16404", "reference_id": "RHSA-2025:16404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16514", "reference_id": "RHSA-2025:16514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17498", "reference_id": "RHSA-2025:17498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17499", "reference_id": "RHSA-2025:17499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17500", "reference_id": "RHSA-2025:17500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17606", "reference_id": "RHSA-2025:17606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17613", "reference_id": "RHSA-2025:17613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17614", "reference_id": "RHSA-2025:17614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17614" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7736-1/", "reference_id": "USN-7736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68876?format=api", "purl": "pkg:pypi/django@5.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/68877?format=api", "purl": "pkg:pypi/django@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6" } ], "aliases": [ "CVE-2025-57833", "GHSA-6w2r-r2m5-xq5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14665?format=api", "vulnerability_id": "VCID-wwa5-mhgu-9khz", "summary": "Django denial-of-service in django.utils.html.strip_tags()\nAn issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77412", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77416", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77436", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.7741", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77364", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77371", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.7739", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.774", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53907" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/dec/04/security-releases" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329288", "reference_id": "2329288", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329288" }, { "reference_url": "https://github.com/advisories/GHSA-8498-2h75-472j", "reference_id": "GHSA-8498-2h75-472j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8498-2h75-472j" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11144", "reference_id": "RHSA-2024:11144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11146", "reference_id": "RHSA-2024:11146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0340", "reference_id": "RHSA-2025:0340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0777", "reference_id": "RHSA-2025:0777", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0777" }, { "reference_url": "https://usn.ubuntu.com/7136-1/", "reference_id": "USN-7136-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7136-1/" }, { "reference_url": "https://usn.ubuntu.com/7136-2/", "reference_id": "USN-7136-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7136-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51170?format=api", "purl": "pkg:pypi/django@5.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/51181?format=api", "purl": "pkg:pypi/django@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4" } ], "aliases": [ "CVE-2024-53907", "GHSA-8498-2h75-472j" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwa5-mhgu-9khz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14834?format=api", "vulnerability_id": "VCID-xgv1-s2ek-q3dp", "summary": "An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81676", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81624", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81646", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81643", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8167", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81675", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81695", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81682", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26699" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/03/06/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/03/06/12" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682", "reference_id": "1099682", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348993", "reference_id": "2348993", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348993" }, { "reference_url": "https://github.com/advisories/GHSA-p3fp-8748-vqfq", "reference_id": "GHSA-p3fp-8748-vqfq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p3fp-8748-vqfq" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3160", "reference_id": "RHSA-2025:3160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3162", "reference_id": "RHSA-2025:3162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3709", "reference_id": "RHSA-2025:3709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4553", "reference_id": "RHSA-2025:4553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8609", "reference_id": "RHSA-2025:8609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8609" }, { "reference_url": "https://usn.ubuntu.com/7335-1/", "reference_id": "USN-7335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7335-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52166?format=api", "purl": "pkg:pypi/django@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/66588?format=api", "purl": "pkg:pypi/django@5.1a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52165?format=api", "purl": "pkg:pypi/django@5.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/64821?format=api", "purl": "pkg:pypi/django@5.2a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2a1" } ], "aliases": [ "BIT-django-2025-26699", "CVE-2025-26699", "GHSA-p3fp-8748-vqfq", "PYSEC-2025-13" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv1-s2ek-q3dp" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13419?format=api", "vulnerability_id": "VCID-7tph-k8q2-bue2", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75813", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.7582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75803", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.7577", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75792", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.75759", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927" }, { "reference_url": "https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41991" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240905-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240905-0007" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074", "reference_id": "1078074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302435", "reference_id": "2302435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302435" }, { "reference_url": "https://github.com/advisories/GHSA-r836-hh6v-rg5g", "reference_id": "GHSA-r836-hh6v-rg5g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r836-hh6v-rg5g" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7987", "reference_id": "RHSA-2024:7987", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1335", "reference_id": "RHSA-2025:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1335" }, { "reference_url": "https://usn.ubuntu.com/6946-1/", "reference_id": "USN-6946-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6946-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47741?format=api", "purl": "pkg:pypi/django@4.2.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/47740?format=api", "purl": "pkg:pypi/django@5.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8" } ], "aliases": [ "BIT-django-2024-41991", "CVE-2024-41991", "GHSA-r836-hh6v-rg5g", "PYSEC-2024-69" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tph-k8q2-bue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13433?format=api", "vulnerability_id": "VCID-m91a-6235-nye9", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55834", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55852", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55807", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55873", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55863", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5586", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55809", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d" }, { "reference_url": "https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240905-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240905-0007" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074", "reference_id": "1078074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302436", "reference_id": "2302436", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302436" }, { "reference_url": "https://github.com/advisories/GHSA-pv4p-cwwg-4rph", "reference_id": "GHSA-pv4p-cwwg-4rph", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pv4p-cwwg-4rph" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8906", "reference_id": "RHSA-2024:8906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1335", "reference_id": "RHSA-2025:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1335" }, { "reference_url": "https://usn.ubuntu.com/6946-1/", "reference_id": "USN-6946-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6946-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47741?format=api", "purl": "pkg:pypi/django@4.2.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/47740?format=api", "purl": "pkg:pypi/django@5.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8" } ], "aliases": [ "BIT-django-2024-42005", "CVE-2024-42005", "GHSA-pv4p-cwwg-4rph", "PYSEC-2024-70" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m91a-6235-nye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13427?format=api", "vulnerability_id": "VCID-v1xr-z4zu-yfb4", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80316", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80327", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01386", "scoring_system": "epss", "scoring_elements": "0.80279", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8" }, { "reference_url": "https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41989" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240905-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240905-0007" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074", "reference_id": "1078074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302433", "reference_id": "2302433", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302433" }, { "reference_url": "https://github.com/advisories/GHSA-jh75-99hh-qvx9", "reference_id": "GHSA-jh75-99hh-qvx9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh75-99hh-qvx9" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8534", "reference_id": "RHSA-2024:8534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1335", "reference_id": "RHSA-2025:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1335" }, { "reference_url": "https://usn.ubuntu.com/6946-1/", "reference_id": "USN-6946-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6946-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47741?format=api", "purl": "pkg:pypi/django@4.2.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/47740?format=api", "purl": "pkg:pypi/django@5.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8" } ], "aliases": [ "BIT-django-2024-41989", "CVE-2024-41989", "GHSA-jh75-99hh-qvx9", "PYSEC-2024-67" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xr-z4zu-yfb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13424?format=api", "vulnerability_id": "VCID-xhpa-mffz-syfy", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79917", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79925", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79912", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79941", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79921", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01326", "scoring_system": "epss", "scoring_elements": "0.79875", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41990" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93" }, { "reference_url": "https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41990", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41990" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240905-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240905-0007" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074", "reference_id": "1078074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302434", "reference_id": "2302434", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302434" }, { "reference_url": "https://github.com/advisories/GHSA-795c-9xpc-xw6g", "reference_id": "GHSA-795c-9xpc-xw6g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-795c-9xpc-xw6g" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6428", "reference_id": "RHSA-2024:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1335", "reference_id": "RHSA-2025:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1335" }, { "reference_url": "https://usn.ubuntu.com/6946-1/", "reference_id": "USN-6946-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6946-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47741?format=api", "purl": "pkg:pypi/django@4.2.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/47740?format=api", "purl": "pkg:pypi/django@5.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mga4-an1w-qqf9" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8" } ], "aliases": [ "BIT-django-2024-41990", "CVE-2024-41990", "GHSA-795c-9xpc-xw6g", "PYSEC-2024-68" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhpa-mffz-syfy" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8" }