Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@0.95
Typepypi
Namespace
Namedjango
Version0.95
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.2.29
Latest_non_vulnerable_version6.0.4
Affected_by_vulnerabilities
0
url VCID-72fp-zabh-6qbv
vulnerability_id VCID-72fp-zabh-6qbv
summary 
Django Improper Access Control
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
references
0
reference_url http://code.djangoproject.com/changeset/3754
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://code.djangoproject.com/changeset/3754
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-0405
reference_id
reference_type
scores
0
value 0.00761
scoring_system epss
scoring_elements 0.73402
published_at 2026-04-18T12:55:00Z
1
value 0.00761
scoring_system epss
scoring_elements 0.73306
published_at 2026-04-07T12:55:00Z
2
value 0.00761
scoring_system epss
scoring_elements 0.73342
published_at 2026-04-08T12:55:00Z
3
value 0.00761
scoring_system epss
scoring_elements 0.73356
published_at 2026-04-09T12:55:00Z
4
value 0.00761
scoring_system epss
scoring_elements 0.73379
published_at 2026-04-11T12:55:00Z
5
value 0.00761
scoring_system epss
scoring_elements 0.73359
published_at 2026-04-12T12:55:00Z
6
value 0.00761
scoring_system epss
scoring_elements 0.73351
published_at 2026-04-13T12:55:00Z
7
value 0.00761
scoring_system epss
scoring_elements 0.73394
published_at 2026-04-16T12:55:00Z
8
value 0.00761
scoring_system epss
scoring_elements 0.733
published_at 2026-04-01T12:55:00Z
9
value 0.00761
scoring_system epss
scoring_elements 0.73309
published_at 2026-04-02T12:55:00Z
10
value 0.00761
scoring_system epss
scoring_elements 0.73333
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-0405
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0405
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0405
3
reference_url http://secunia.com/advisories/23826
reference_id
reference_type
scores
url http://secunia.com/advisories/23826
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/31628
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/31628
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/3c5782287e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3c5782287e
7
reference_url https://github.com/django/django/commit/e89f0a65581f82a5740bfe989136cea75d09cd67
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e89f0a65581f82a5740bfe989136cea75d09cd67
8
reference_url http://www.securityfocus.com/bid/22138
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/22138
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407786
reference_id 407786
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407786
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
reference_id cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-0405
reference_id CVE-2007-0405
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-0405
12
reference_url https://github.com/advisories/GHSA-mwv2-398h-v489
reference_id GHSA-mwv2-398h-v489
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwv2-398h-v489
fixed_packages
0
url pkg:pypi/django@1.0
purl pkg:pypi/django@1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-66kq-hbhe-9ba3
1
vulnerability VCID-hugz-zq5c-pugn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0
aliases CVE-2007-0405, GHSA-mwv2-398h-v489
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72fp-zabh-6qbv
1
url VCID-8b12-22bg-jkch
vulnerability_id VCID-8b12-22bg-jkch
summary The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5712.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5712.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5712
reference_id
reference_type
scores
0
value 0.01815
scoring_system epss
scoring_elements 0.82782
published_at 2026-04-01T12:55:00Z
1
value 0.01815
scoring_system epss
scoring_elements 0.82846
published_at 2026-04-13T12:55:00Z
2
value 0.01815
scoring_system epss
scoring_elements 0.8285
published_at 2026-04-12T12:55:00Z
3
value 0.01815
scoring_system epss
scoring_elements 0.82855
published_at 2026-04-11T12:55:00Z
4
value 0.01815
scoring_system epss
scoring_elements 0.82839
published_at 2026-04-09T12:55:00Z
5
value 0.01815
scoring_system epss
scoring_elements 0.82832
published_at 2026-04-08T12:55:00Z
6
value 0.01815
scoring_system epss
scoring_elements 0.82807
published_at 2026-04-07T12:55:00Z
7
value 0.01815
scoring_system epss
scoring_elements 0.82812
published_at 2026-04-04T12:55:00Z
8
value 0.01815
scoring_system epss
scoring_elements 0.82798
published_at 2026-04-02T12:55:00Z
9
value 0.01815
scoring_system epss
scoring_elements 0.82884
published_at 2026-04-18T12:55:00Z
10
value 0.01815
scoring_system epss
scoring_elements 0.82885
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5712
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5712
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5712
3
reference_url http://secunia.com/advisories/27435
reference_id
reference_type
scores
url http://secunia.com/advisories/27435
4
reference_url http://secunia.com/advisories/27597
reference_id
reference_type
scores
url http://secunia.com/advisories/27597
5
reference_url http://secunia.com/advisories/31961
reference_id
reference_type
scores
url http://secunia.com/advisories/31961
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/38143
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/38143
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/412ed22502e11c50dbfee854627594f0e7e2c234
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/412ed22502e11c50dbfee854627594f0e7e2c234
9
reference_url https://github.com/django/django/commit/7dd2dd08a79e388732ce00e2b5514f15bd6d0f6f
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/7dd2dd08a79e388732ce00e2b5514f15bd6d0f6f
10
reference_url https://github.com/django/django/commit/8bc36e726c9e8c75c681d3ad232df8e882aaac81
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8bc36e726c9e8c75c681d3ad232df8e882aaac81
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2007-1.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2007-1.yaml
12
reference_url http://sourceforge.net/forum/forum.php?forum_id=749199
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://sourceforge.net/forum/forum.php?forum_id=749199
13
reference_url https://web.archive.org/web/20091201070224/http://secunia.com/advisories/27435
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20091201070224/http://secunia.com/advisories/27435
14
reference_url https://web.archive.org/web/20111224195100/http://secunia.com/advisories/27597
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111224195100/http://secunia.com/advisories/27597
15
reference_url https://web.archive.org/web/20111229085535/http://secunia.com/advisories/31961
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111229085535/http://secunia.com/advisories/31961
16
reference_url https://web.archive.org/web/20200228183657/http://www.securityfocus.com/bid/26227
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228183657/http://www.securityfocus.com/bid/26227
17
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html
18
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html
19
reference_url http://www.debian.org/security/2008/dsa-1640
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2008/dsa-1640
20
reference_url http://www.djangoproject.com/weblog/2007/oct/26/security-fix
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.djangoproject.com/weblog/2007/oct/26/security-fix
21
reference_url http://www.securityfocus.com/bid/26227
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/26227
22
reference_url http://www.vupen.com/english/advisories/2007/3660
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2007/3660
23
reference_url http://www.vupen.com/english/advisories/2007/3661
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2007/3661
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=357051
reference_id 357051
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=357051
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448838
reference_id 448838
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448838
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5712
reference_id CVE-2007-5712
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5712
27
reference_url https://github.com/advisories/GHSA-9v8h-57gv-qch6
reference_id GHSA-9v8h-57gv-qch6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9v8h-57gv-qch6
fixed_packages
0
url pkg:pypi/django@0.95.2
purl pkg:pypi/django@0.95.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@0.95.2
1
url pkg:pypi/django@0.96.1
purl pkg:pypi/django@0.96.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@0.96.1
2
url pkg:pypi/django@1.1
purl pkg:pypi/django@1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pvd-3217-6ygv
1
vulnerability VCID-2dhb-9yue-33h7
2
vulnerability VCID-2m9f-3cgw-ekdr
3
vulnerability VCID-325d-7dfk-sqd2
4
vulnerability VCID-42cm-j2av-87ea
5
vulnerability VCID-47er-pm3z-qfh3
6
vulnerability VCID-5g4y-1qmy-27bd
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7bu3-ckpj-gbf8
9
vulnerability VCID-84mm-45p6-xkau
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8teq-9xr9-q3fg
13
vulnerability VCID-9uzd-mmyv-mfh4
14
vulnerability VCID-a6d1-p4q6-fyav
15
vulnerability VCID-a715-2qks-wyhn
16
vulnerability VCID-bgmv-mf3x-bkew
17
vulnerability VCID-br5x-v7md-47hp
18
vulnerability VCID-c1n5-4ars-u7ff
19
vulnerability VCID-czkz-mcv8-mqfc
20
vulnerability VCID-e2jd-yd4j-kqgt
21
vulnerability VCID-eker-m822-cuax
22
vulnerability VCID-fw2d-s2rt-syfz
23
vulnerability VCID-g56k-prrj-aqb1
24
vulnerability VCID-hugz-zq5c-pugn
25
vulnerability VCID-jc9f-vgy8-ruan
26
vulnerability VCID-jumh-hkhx-7qc9
27
vulnerability VCID-k6s1-gnmc-e3ed
28
vulnerability VCID-mm3u-a8ar-b3hp
29
vulnerability VCID-p1dq-27t5-e7b3
30
vulnerability VCID-pv1d-wrex-hbgy
31
vulnerability VCID-qm34-ec8s-tfd7
32
vulnerability VCID-qzba-9xmg-3qer
33
vulnerability VCID-sbr6-pybe-dubq
34
vulnerability VCID-spwd-dz6f-5fh9
35
vulnerability VCID-t8ec-st1v-s3e5
36
vulnerability VCID-ttm3-5a6e-wfa1
37
vulnerability VCID-ukxp-wqpr-t3by
38
vulnerability VCID-ura5-t7s9-8fck
39
vulnerability VCID-w2dv-u8h6-sbgs
40
vulnerability VCID-w4pr-k5nj-ckgy
41
vulnerability VCID-x4ev-6zjm-sbe4
42
vulnerability VCID-x516-xwze-6ba3
43
vulnerability VCID-xtqq-9751-r3dq
44
vulnerability VCID-yemh-qd63-wuca
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.1
aliases CVE-2007-5712, GHSA-9v8h-57gv-qch6, PYSEC-2007-1
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8b12-22bg-jkch
2
url VCID-v466-zd6u-dqce
vulnerability_id VCID-v466-zd6u-dqce
summary Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2302.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2302.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-2302
reference_id
reference_type
scores
0
value 0.00441
scoring_system epss
scoring_elements 0.63241
published_at 2026-04-09T12:55:00Z
1
value 0.00441
scoring_system epss
scoring_elements 0.63116
published_at 2026-04-01T12:55:00Z
2
value 0.00441
scoring_system epss
scoring_elements 0.63176
published_at 2026-04-02T12:55:00Z
3
value 0.00441
scoring_system epss
scoring_elements 0.6325
published_at 2026-04-18T12:55:00Z
4
value 0.00441
scoring_system epss
scoring_elements 0.63207
published_at 2026-04-13T12:55:00Z
5
value 0.00441
scoring_system epss
scoring_elements 0.63243
published_at 2026-04-16T12:55:00Z
6
value 0.00441
scoring_system epss
scoring_elements 0.63206
published_at 2026-04-04T12:55:00Z
7
value 0.00441
scoring_system epss
scoring_elements 0.63171
published_at 2026-04-07T12:55:00Z
8
value 0.00441
scoring_system epss
scoring_elements 0.63259
published_at 2026-04-11T12:55:00Z
9
value 0.00441
scoring_system epss
scoring_elements 0.63223
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-2302
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
3
reference_url http://secunia.com/advisories/30250
reference_id
reference_type
scores
url http://secunia.com/advisories/30250
4
reference_url http://secunia.com/advisories/30291
reference_id
reference_type
scores
url http://secunia.com/advisories/30291
5
reference_url http://securitytracker.com/id?1020028
reference_id
reference_type
scores
url http://securitytracker.com/id?1020028
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
9
reference_url https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
10
reference_url https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
12
reference_url https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
13
reference_url https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
14
reference_url https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
15
reference_url https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
16
reference_url http://www.djangoproject.com/weblog/2008/may/14/security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.djangoproject.com/weblog/2008/may/14/security
17
reference_url http://www.djangoproject.com/weblog/2008/may/14/security/
reference_id
reference_type
scores
url http://www.djangoproject.com/weblog/2008/may/14/security/
18
reference_url http://www.securityfocus.com/bid/29209
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/29209
19
reference_url http://www.vupen.com/english/advisories/2008/1618
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/1618
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=446402
reference_id 446402
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=446402
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481164
reference_id 481164
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481164
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-2302
reference_id CVE-2008-2302
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-2302
23
reference_url https://github.com/advisories/GHSA-54qj-48vx-cr9f
reference_id GHSA-54qj-48vx-cr9f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54qj-48vx-cr9f
fixed_packages
0
url pkg:pypi/django@0.95.3
purl pkg:pypi/django@0.95.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@0.95.3
1
url pkg:pypi/django@0.96.2
purl pkg:pypi/django@0.96.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@0.96.2
2
url pkg:pypi/django@1.1
purl pkg:pypi/django@1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pvd-3217-6ygv
1
vulnerability VCID-2dhb-9yue-33h7
2
vulnerability VCID-2m9f-3cgw-ekdr
3
vulnerability VCID-325d-7dfk-sqd2
4
vulnerability VCID-42cm-j2av-87ea
5
vulnerability VCID-47er-pm3z-qfh3
6
vulnerability VCID-5g4y-1qmy-27bd
7
vulnerability VCID-6gss-ppm5-3yc9
8
vulnerability VCID-7bu3-ckpj-gbf8
9
vulnerability VCID-84mm-45p6-xkau
10
vulnerability VCID-896g-hqec-ryb9
11
vulnerability VCID-8jaq-53td-wbeg
12
vulnerability VCID-8teq-9xr9-q3fg
13
vulnerability VCID-9uzd-mmyv-mfh4
14
vulnerability VCID-a6d1-p4q6-fyav
15
vulnerability VCID-a715-2qks-wyhn
16
vulnerability VCID-bgmv-mf3x-bkew
17
vulnerability VCID-br5x-v7md-47hp
18
vulnerability VCID-c1n5-4ars-u7ff
19
vulnerability VCID-czkz-mcv8-mqfc
20
vulnerability VCID-e2jd-yd4j-kqgt
21
vulnerability VCID-eker-m822-cuax
22
vulnerability VCID-fw2d-s2rt-syfz
23
vulnerability VCID-g56k-prrj-aqb1
24
vulnerability VCID-hugz-zq5c-pugn
25
vulnerability VCID-jc9f-vgy8-ruan
26
vulnerability VCID-jumh-hkhx-7qc9
27
vulnerability VCID-k6s1-gnmc-e3ed
28
vulnerability VCID-mm3u-a8ar-b3hp
29
vulnerability VCID-p1dq-27t5-e7b3
30
vulnerability VCID-pv1d-wrex-hbgy
31
vulnerability VCID-qm34-ec8s-tfd7
32
vulnerability VCID-qzba-9xmg-3qer
33
vulnerability VCID-sbr6-pybe-dubq
34
vulnerability VCID-spwd-dz6f-5fh9
35
vulnerability VCID-t8ec-st1v-s3e5
36
vulnerability VCID-ttm3-5a6e-wfa1
37
vulnerability VCID-ukxp-wqpr-t3by
38
vulnerability VCID-ura5-t7s9-8fck
39
vulnerability VCID-w2dv-u8h6-sbgs
40
vulnerability VCID-w4pr-k5nj-ckgy
41
vulnerability VCID-x4ev-6zjm-sbe4
42
vulnerability VCID-x516-xwze-6ba3
43
vulnerability VCID-xtqq-9751-r3dq
44
vulnerability VCID-yemh-qd63-wuca
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.1
aliases CVE-2008-2302, GHSA-54qj-48vx-cr9f, PYSEC-2008-1
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v466-zd6u-dqce
3
url VCID-yx42-v5s7-h7ac
vulnerability_id VCID-yx42-v5s7-h7ac
summary 
Django Arbitrary Code Execution
`bin/compile-messages.py` in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.
references
0
reference_url http://code.djangoproject.com/changeset/3592
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://code.djangoproject.com/changeset/3592
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-0404
reference_id
reference_type
scores
0
value 0.0067
scoring_system epss
scoring_elements 0.71373
published_at 2026-04-18T12:55:00Z
1
value 0.0067
scoring_system epss
scoring_elements 0.71283
published_at 2026-04-02T12:55:00Z
2
value 0.0067
scoring_system epss
scoring_elements 0.71301
published_at 2026-04-04T12:55:00Z
3
value 0.0067
scoring_system epss
scoring_elements 0.71317
published_at 2026-04-08T12:55:00Z
4
value 0.0067
scoring_system epss
scoring_elements 0.7133
published_at 2026-04-09T12:55:00Z
5
value 0.0067
scoring_system epss
scoring_elements 0.71353
published_at 2026-04-11T12:55:00Z
6
value 0.0067
scoring_system epss
scoring_elements 0.71338
published_at 2026-04-12T12:55:00Z
7
value 0.0067
scoring_system epss
scoring_elements 0.71321
published_at 2026-04-13T12:55:00Z
8
value 0.0067
scoring_system epss
scoring_elements 0.71367
published_at 2026-04-16T12:55:00Z
9
value 0.0067
scoring_system epss
scoring_elements 0.71275
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-0404
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407519
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407519
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0404
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0404
4
reference_url http://secunia.com/advisories/23826
reference_id
reference_type
scores
url http://secunia.com/advisories/23826
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/31627
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/31627
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/518d406e53
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/518d406e53
8
reference_url https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e
9
reference_url http://www.securityfocus.com/bid/22134
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/22134
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407786
reference_id 407786
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407786
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
reference_id cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-0404
reference_id CVE-2007-0404
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-0404
13
reference_url https://github.com/advisories/GHSA-qc99-g3wm-hgxr
reference_id GHSA-qc99-g3wm-hgxr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qc99-g3wm-hgxr
fixed_packages
0
url pkg:pypi/django@1.0
purl pkg:pypi/django@1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-66kq-hbhe-9ba3
1
vulnerability VCID-hugz-zq5c-pugn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0
aliases CVE-2007-0404, GHSA-qc99-g3wm-hgxr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yx42-v5s7-h7ac
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@0.95