Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@5.0.10

Type pypi

Namespace

Name django

Version 5.0.10

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.1.15

Latest_non_vulnerable_version 6.0.4

Affected_by_vulnerabilities

url VCID-84mm-45p6-xkau

vulnerability_id VCID-84mm-45p6-xkau

summary

Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect`  were subject to a potential  denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64458

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05432
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05438
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05452
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0548
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05424
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05417
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05459
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07235
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64458

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242

reference_url

https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac

reference_url

https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f

reference_url

https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/

url

https://groups.google.com/g/django-announce

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2412649
reference_id	2412649
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2412649

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64458

reference_id

CVE-2025-64458

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64458

reference_url

https://github.com/advisories/GHSA-qw25-v68c-qjf3

reference_id

GHSA-qw25-v68c-qjf3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qw25-v68c-qjf3

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

reference_id

security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

fixed_packages

url pkg:pypi/django@5.1.14

purl pkg:pypi/django@5.1.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14

url pkg:pypi/django@5.2.8

purl pkg:pypi/django@5.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8

url pkg:pypi/django@6.0a1

purl pkg:pypi/django@6.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1

aliases CVE-2025-64458, GHSA-qw25-v68c-qjf3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84mm-45p6-xkau

url VCID-896g-hqec-ryb9

vulnerability_id VCID-896g-hqec-ryb9

summary An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48432

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61428
published_at	2026-04-13T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61446
published_at	2026-04-12T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.6146
published_at	2026-04-11T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61439
published_at	2026-04-09T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61423
published_at	2026-04-08T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61377
published_at	2026-04-07T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61407
published_at	2026-04-04T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61378
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://docs.djangoproject.com/en/dev/releases/security/

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/

url

https://docs.djangoproject.com/en/dev/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/

url

https://groups.google.com/g/django-announce

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-48432

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-48432

reference_url

https://www.djangoproject.com/weblog/2025/jun/04/security-releases

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/jun/04/security-releases

reference_url

https://www.djangoproject.com/weblog/2025/jun/04/security-releases/

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/

url

https://www.djangoproject.com/weblog/2025/jun/04/security-releases/

reference_url

https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases

reference_url

http://www.openwall.com/lists/oss-security/2025/06/04/5

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/06/04/5

reference_url

http://www.openwall.com/lists/oss-security/2025/06/10/2

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/06/10/2

reference_url

http://www.openwall.com/lists/oss-security/2025/06/10/3

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/06/10/3

reference_url

http://www.openwall.com/lists/oss-security/2025/06/10/4

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/06/10/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282
reference_id	1107282
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2370365
reference_id	2370365
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2370365

reference_url	https://security.archlinux.org/ASA-202506-6
reference_id	ASA-202506-6
reference_type
scores
url	https://security.archlinux.org/ASA-202506-6

reference_url

https://security.archlinux.org/AVG-2894

reference_id

AVG-2894

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2894

reference_url

https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/

reference_id

bugfix-releases

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/

url

https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/

reference_url

https://github.com/advisories/GHSA-7xr5-9hcq-chf9

reference_id

GHSA-7xr5-9hcq-chf9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7xr5-9hcq-chf9

reference_url	https://access.redhat.com/errata/RHSA-2025:14686
reference_id	RHSA-2025:14686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14686

reference_url	https://access.redhat.com/errata/RHSA-2025:16487
reference_id	RHSA-2025:16487
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16487

reference_url	https://usn.ubuntu.com/7555-1/
reference_id	USN-7555-1
reference_type
scores
url	https://usn.ubuntu.com/7555-1/

fixed_packages

url pkg:pypi/django@5.1.10

purl pkg:pypi/django@5.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10

url pkg:pypi/django@5.2.2

purl pkg:pypi/django@5.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2

aliases BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9

url VCID-9uzd-mmyv-mfh4

vulnerability_id VCID-9uzd-mmyv-mfh4

summary

Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64459

reference_id

reference_type

scores

value	0.00191
scoring_system	epss
scoring_elements	0.41087
published_at	2026-04-02T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68804
published_at	2026-04-12T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68818
published_at	2026-04-11T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68795
published_at	2026-04-09T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68776
published_at	2026-04-08T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68724
published_at	2026-04-07T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68747
published_at	2026-04-04T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68774
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85

reference_url

https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4

reference_url

https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b

reference_url

https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241

reference_url

https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/

url

https://groups.google.com/g/django-announce

reference_url

https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
reference_id	1120139
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2412651
reference_id	2412651
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2412651

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
reference_id	CVE-2025-64459
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64459

reference_id

CVE-2025-64459

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64459

reference_url

https://github.com/advisories/GHSA-frmv-pr5f-9mcr

reference_id

GHSA-frmv-pr5f-9mcr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-frmv-pr5f-9mcr

reference_url	https://access.redhat.com/errata/RHSA-2025:23069
reference_id	RHSA-2025:23069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23069

reference_url	https://access.redhat.com/errata/RHSA-2025:23070
reference_id	RHSA-2025:23070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23070

reference_url	https://access.redhat.com/errata/RHSA-2025:23130
reference_id	RHSA-2025:23130
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23130

reference_url	https://access.redhat.com/errata/RHSA-2025:23131
reference_id	RHSA-2025:23131
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23131

reference_url	https://access.redhat.com/errata/RHSA-2025:23133
reference_id	RHSA-2025:23133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23133

reference_url	https://access.redhat.com/errata/RHSA-2025:23196
reference_id	RHSA-2025:23196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23196

reference_url	https://access.redhat.com/errata/RHSA-2026:1596
reference_id	RHSA-2026:1596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1596

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

reference_id

security-releases

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

reference_url	https://usn.ubuntu.com/7859-1/
reference_id	USN-7859-1
reference_type
scores
url	https://usn.ubuntu.com/7859-1/

fixed_packages

url pkg:pypi/django@5.1.14

purl pkg:pypi/django@5.1.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14

url pkg:pypi/django@5.2.8

purl pkg:pypi/django@5.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8

url pkg:pypi/django@6.0a1

purl pkg:pypi/django@6.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1

aliases CVE-2025-64459, GHSA-frmv-pr5f-9mcr

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4

url VCID-e87q-1j8h-93hh

vulnerability_id VCID-e87q-1j8h-93hh

summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-56374

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24532
published_at	2026-04-13T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24586
published_at	2026-04-12T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24629
published_at	2026-04-11T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24612
published_at	2026-04-09T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24567
published_at	2026-04-08T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24496
published_at	2026-04-07T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24724
published_at	2026-04-04T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24686
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://docs.djangoproject.com/en/dev/releases/security/

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/

url

https://docs.djangoproject.com/en/dev/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe

reference_url

https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e

reference_url

https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf

reference_url

https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/

url

https://groups.google.com/g/django-announce

reference_url

https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-56374

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-56374

reference_url

https://www.djangoproject.com/weblog/2025/jan/14/security-releases

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/jan/14/security-releases

reference_url

https://www.djangoproject.com/weblog/2025/jan/14/security-releases/

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/

url

https://www.djangoproject.com/weblog/2025/jan/14/security-releases/

reference_url

http://www.openwall.com/lists/oss-security/2025/01/14/2

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/01/14/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049
reference_id	1093049
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2337996
reference_id	2337996
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2337996

reference_url

https://github.com/advisories/GHSA-qcgg-j2x8-h9g8

reference_id

GHSA-qcgg-j2x8-h9g8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qcgg-j2x8-h9g8

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2025:0722
reference_id	RHSA-2025:0722
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0722

reference_url	https://access.redhat.com/errata/RHSA-2025:0777
reference_id	RHSA-2025:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0777

reference_url	https://access.redhat.com/errata/RHSA-2025:0782
reference_id	RHSA-2025:0782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0782

reference_url	https://access.redhat.com/errata/RHSA-2025:2399
reference_id	RHSA-2025:2399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2399

reference_url	https://access.redhat.com/errata/RHSA-2025:4576
reference_id	RHSA-2025:4576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4576

reference_url	https://usn.ubuntu.com/7205-1/
reference_id	USN-7205-1
reference_type
scores
url	https://usn.ubuntu.com/7205-1/

reference_url	https://usn.ubuntu.com/7205-2/
reference_id	USN-7205-2
reference_type
scores
url	https://usn.ubuntu.com/7205-2/

fixed_packages

url pkg:pypi/django@5.0.11

purl pkg:pypi/django@5.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11

url pkg:pypi/django@5.1.5

purl pkg:pypi/django@5.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5

aliases BIT-django-2024-56374, CVE-2024-56374, GHSA-qcgg-j2x8-h9g8, PYSEC-2025-1

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e87q-1j8h-93hh

url VCID-p9fd-1qx2-8ubc

vulnerability_id VCID-p9fd-1qx2-8ubc

summary An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27556.json

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27556.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27556

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.38066
published_at	2026-04-13T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.3809
published_at	2026-04-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38126
published_at	2026-04-11T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38108
published_at	2026-04-09T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.3805
published_at	2026-04-07T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.3818
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38157
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.381
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27556

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://docs.djangoproject.com/en/dev/releases/security/

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T13:21:14Z/

url

https://docs.djangoproject.com/en/dev/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd

reference_url

https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc4821

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc4821

reference_url

https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f1

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f1

reference_url

https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-14.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-14.yaml

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T13:21:14Z/

url

https://groups.google.com/g/django-announce

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-27556

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-27556

reference_url

https://www.djangoproject.com/weblog/2025/apr/02/security-releases

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/apr/02/security-releases

reference_url

https://www.djangoproject.com/weblog/2025/apr/02/security-releases/

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T13:21:14Z/

url

https://www.djangoproject.com/weblog/2025/apr/02/security-releases/

reference_url

http://www.openwall.com/lists/oss-security/2025/04/02/2

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/04/02/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2356899
reference_id	2356899
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2356899

reference_url

https://github.com/advisories/GHSA-wqfg-m96j-85vm

reference_id

GHSA-wqfg-m96j-85vm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wqfg-m96j-85vm

fixed_packages

url pkg:pypi/django@5.0.14

purl pkg:pypi/django@5.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14

url pkg:pypi/django@5.1a1

purl pkg:pypi/django@5.1a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1a1

url pkg:pypi/django@5.1.8

purl pkg:pypi/django@5.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8

url pkg:pypi/django@5.2a1

purl pkg:pypi/django@5.2a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2a1

aliases BIT-django-2025-27556, CVE-2025-27556, GHSA-wqfg-m96j-85vm, PYSEC-2025-14

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9fd-1qx2-8ubc

url VCID-w4pr-k5nj-ckgy

vulnerability_id VCID-w4pr-k5nj-ckgy

summary

Django is subject to SQL injection through its column aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-57833

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05586
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05593
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05603
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05631
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05868
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05828
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05834
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05798
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5

reference_url

https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92

reference_url

https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/

url

https://groups.google.com/g/django-announce

reference_url

https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html

reference_url

https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/

url

https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-57833

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-57833

reference_url

https://www.djangoproject.com/weblog/2025/sep/03/security-releases

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/sep/03/security-releases

reference_url

http://www.openwall.com/lists/oss-security/2025/09/03/3

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/09/03/3

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865
reference_id	1113865
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2392990
reference_id	2392990
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2392990

reference_url

https://github.com/advisories/GHSA-6w2r-r2m5-xq5w

reference_id

GHSA-6w2r-r2m5-xq5w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6w2r-r2m5-xq5w

reference_url	https://access.redhat.com/errata/RHSA-2025:16403
reference_id	RHSA-2025:16403
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16403

reference_url	https://access.redhat.com/errata/RHSA-2025:16404
reference_id	RHSA-2025:16404
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16404

reference_url	https://access.redhat.com/errata/RHSA-2025:16487
reference_id	RHSA-2025:16487
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16487

reference_url	https://access.redhat.com/errata/RHSA-2025:16514
reference_id	RHSA-2025:16514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16514

reference_url	https://access.redhat.com/errata/RHSA-2025:17498
reference_id	RHSA-2025:17498
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17498

reference_url	https://access.redhat.com/errata/RHSA-2025:17499
reference_id	RHSA-2025:17499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17499

reference_url	https://access.redhat.com/errata/RHSA-2025:17500
reference_id	RHSA-2025:17500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17500

reference_url	https://access.redhat.com/errata/RHSA-2025:17606
reference_id	RHSA-2025:17606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17606

reference_url	https://access.redhat.com/errata/RHSA-2025:17613
reference_id	RHSA-2025:17613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17613

reference_url	https://access.redhat.com/errata/RHSA-2025:17614
reference_id	RHSA-2025:17614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17614

reference_url

https://www.djangoproject.com/weblog/2025/sep/03/security-releases/

reference_id

security-releases

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/

url

https://www.djangoproject.com/weblog/2025/sep/03/security-releases/

reference_url	https://usn.ubuntu.com/7736-1/
reference_id	USN-7736-1
reference_type
scores
url	https://usn.ubuntu.com/7736-1/

fixed_packages

url pkg:pypi/django@5.1.12

purl pkg:pypi/django@5.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12

url pkg:pypi/django@5.2.6

purl pkg:pypi/django@5.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6

aliases CVE-2025-57833, GHSA-6w2r-r2m5-xq5w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy

url VCID-xgv1-s2ek-q3dp

vulnerability_id VCID-xgv1-s2ek-q3dp

summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-26699

reference_id

reference_type

scores

value	0.01596
scoring_system	epss
scoring_elements	0.81676
published_at	2026-04-13T12:55:00Z

value	0.01596
scoring_system	epss
scoring_elements	0.81624
published_at	2026-04-02T12:55:00Z

value	0.01596
scoring_system	epss
scoring_elements	0.81646
published_at	2026-04-04T12:55:00Z

value	0.01596
scoring_system	epss
scoring_elements	0.81643
published_at	2026-04-07T12:55:00Z

value	0.01596
scoring_system	epss
scoring_elements	0.8167
published_at	2026-04-08T12:55:00Z

value	0.01596
scoring_system	epss
scoring_elements	0.81675
published_at	2026-04-09T12:55:00Z

value	0.01596
scoring_system	epss
scoring_elements	0.81695
published_at	2026-04-11T12:55:00Z

value	0.01596
scoring_system	epss
scoring_elements	0.81682
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://docs.djangoproject.com/en/dev/releases/security/

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/

url

https://docs.djangoproject.com/en/dev/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/

url

https://groups.google.com/g/django-announce

reference_url

https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-26699

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-26699

reference_url

https://www.djangoproject.com/weblog/2025/mar/06/security-releases

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/mar/06/security-releases

reference_url

https://www.djangoproject.com/weblog/2025/mar/06/security-releases/

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/

url

https://www.djangoproject.com/weblog/2025/mar/06/security-releases/

reference_url

http://www.openwall.com/lists/oss-security/2025/03/06/12

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/03/06/12

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682
reference_id	1099682
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2348993
reference_id	2348993
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2348993

reference_url

https://github.com/advisories/GHSA-p3fp-8748-vqfq

reference_id

GHSA-p3fp-8748-vqfq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p3fp-8748-vqfq

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2025:3160
reference_id	RHSA-2025:3160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3160

reference_url	https://access.redhat.com/errata/RHSA-2025:3162
reference_id	RHSA-2025:3162
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3162

reference_url	https://access.redhat.com/errata/RHSA-2025:3709
reference_id	RHSA-2025:3709
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3709

reference_url	https://access.redhat.com/errata/RHSA-2025:4553
reference_id	RHSA-2025:4553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4553

reference_url	https://access.redhat.com/errata/RHSA-2025:8609
reference_id	RHSA-2025:8609
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8609

reference_url	https://usn.ubuntu.com/7335-1/
reference_id	USN-7335-1
reference_type
scores
url	https://usn.ubuntu.com/7335-1/

fixed_packages

url pkg:pypi/django@5.0.13

purl pkg:pypi/django@5.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13

url pkg:pypi/django@5.1a1

purl pkg:pypi/django@5.1a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1a1

url pkg:pypi/django@5.1.7

purl pkg:pypi/django@5.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7

url pkg:pypi/django@5.2a1

purl pkg:pypi/django@5.2a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2a1

aliases BIT-django-2025-26699, CVE-2025-26699, GHSA-p3fp-8748-vqfq, PYSEC-2025-13

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv1-s2ek-q3dp

Fixing_vulnerabilities

url VCID-3sac-ah8j-pucd

vulnerability_id VCID-3sac-ah8j-pucd

summary

Django SQL injection in HasKey(lhs, rhs) on Oracle
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53908

reference_id

reference_type

scores

value	0.00687
scoring_system	epss
scoring_elements	0.7171
published_at	2026-04-13T12:55:00Z

value	0.00687
scoring_system	epss
scoring_elements	0.71728
published_at	2026-04-12T12:55:00Z

value	0.00687
scoring_system	epss
scoring_elements	0.71745
published_at	2026-04-11T12:55:00Z

value	0.00687
scoring_system	epss
scoring_elements	0.71679
published_at	2026-04-02T12:55:00Z

value	0.00687
scoring_system	epss
scoring_elements	0.71697
published_at	2026-04-04T12:55:00Z

value	0.00687
scoring_system	epss
scoring_elements	0.7167
published_at	2026-04-07T12:55:00Z

value	0.00687
scoring_system	epss
scoring_elements	0.71709
published_at	2026-04-08T12:55:00Z

value	0.00687
scoring_system	epss
scoring_elements	0.7172
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53908

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://docs.djangoproject.com/en/dev/releases/security/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/

url

https://docs.djangoproject.com/en/dev/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/

url

https://groups.google.com/g/django-announce

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-53908

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-53908

reference_url

https://www.djangoproject.com/weblog/2024/dec/04/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2024/dec/04/security-releases

reference_url

https://www.openwall.com/lists/oss-security/2024/12/04/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/

url

https://www.openwall.com/lists/oss-security/2024/12/04/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2329287
reference_id	2329287
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2329287

reference_url

https://github.com/advisories/GHSA-m9g8-fxxm-xg86

reference_id

GHSA-m9g8-fxxm-xg86

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m9g8-fxxm-xg86

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2024:11144
reference_id	RHSA-2024:11144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11144

reference_url	https://access.redhat.com/errata/RHSA-2024:11146
reference_id	RHSA-2024:11146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11146

reference_url	https://access.redhat.com/errata/RHSA-2025:0340
reference_id	RHSA-2025:0340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0340

reference_url	https://access.redhat.com/errata/RHSA-2025:0721
reference_id	RHSA-2025:0721
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0721

reference_url	https://usn.ubuntu.com/7136-1/
reference_id	USN-7136-1
reference_type
scores
url	https://usn.ubuntu.com/7136-1/

fixed_packages

url pkg:pypi/django@4.2.17

purl pkg:pypi/django@4.2.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17

url pkg:pypi/django@5.0.10

purl pkg:pypi/django@5.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10

url pkg:pypi/django@5.1.4

purl pkg:pypi/django@5.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4

aliases BIT-django-2024-53908, CVE-2024-53908, GHSA-m9g8-fxxm-xg86, PYSEC-2024-157

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sac-ah8j-pucd

url VCID-rmdp-bnjj-zuf2

vulnerability_id VCID-rmdp-bnjj-zuf2

summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

references

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://groups.google.com/g/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html

reference_url	https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2024/12/04/3

fixed_packages

url pkg:pypi/django@4.2.17

purl pkg:pypi/django@4.2.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17

url pkg:pypi/django@5.0.10

purl pkg:pypi/django@5.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10

url pkg:pypi/django@5.1.4

purl pkg:pypi/django@5.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4

aliases PYSEC-2024-156

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmdp-bnjj-zuf2

url VCID-wwa5-mhgu-9khz

vulnerability_id VCID-wwa5-mhgu-9khz

summary

Django denial-of-service in django.utils.html.strip_tags()
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53907

reference_id

reference_type

scores

value	0.01038
scoring_system	epss
scoring_elements	0.77412
published_at	2026-04-13T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77416
published_at	2026-04-12T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77436
published_at	2026-04-11T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.7741
published_at	2026-04-09T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77364
published_at	2026-04-02T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77371
published_at	2026-04-07T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.7739
published_at	2026-04-04T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.774
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/

url

https://groups.google.com/g/django-announce

reference_url

https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-53907

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-53907

reference_url

https://www.djangoproject.com/weblog/2024/dec/04/security-releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2024/dec/04/security-releases

reference_url

https://www.openwall.com/lists/oss-security/2024/12/04/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/

url

https://www.openwall.com/lists/oss-security/2024/12/04/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2329288
reference_id	2329288
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2329288

reference_url

https://github.com/advisories/GHSA-8498-2h75-472j

reference_id

GHSA-8498-2h75-472j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8498-2h75-472j

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2024:11144
reference_id	RHSA-2024:11144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11144

reference_url	https://access.redhat.com/errata/RHSA-2024:11146
reference_id	RHSA-2024:11146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11146

reference_url	https://access.redhat.com/errata/RHSA-2025:0340
reference_id	RHSA-2025:0340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0340

reference_url	https://access.redhat.com/errata/RHSA-2025:0777
reference_id	RHSA-2025:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0777

reference_url	https://usn.ubuntu.com/7136-1/
reference_id	USN-7136-1
reference_type
scores
url	https://usn.ubuntu.com/7136-1/

reference_url	https://usn.ubuntu.com/7136-2/
reference_id	USN-7136-2
reference_type
scores
url	https://usn.ubuntu.com/7136-2/

fixed_packages

url pkg:pypi/django@4.2.17

purl pkg:pypi/django@4.2.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17

url pkg:pypi/django@5.0.10

purl pkg:pypi/django@5.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10

url pkg:pypi/django@5.1.4

purl pkg:pypi/django@5.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4

aliases CVE-2024-53907, GHSA-8498-2h75-472j

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwa5-mhgu-9khz

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10

Package Instance