Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@4.0a1
Typepypi
Namespace
Namedjango
Version4.0a1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.13
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-6bct-bfhb-xugt
vulnerability_id VCID-6bct-bfhb-xugt
summary sql injection
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34265
reference_id
reference_type
scores
0
value 0.92834
scoring_system epss
scoring_elements 0.99772
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34265
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
2
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
3
reference_url https://github.com/advisories/GHSA-p64x-8rxx-wf6q
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p64x-8rxx-wf6q
4
reference_url https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492
reference_id
reference_type
scores
url https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492
5
reference_url https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db
reference_id
reference_type
scores
url https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db
6
reference_url https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9
reference_id
reference_type
scores
url https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9
7
reference_url https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e
reference_id
reference_type
scores
url https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
12
reference_url https://security.netapp.com/advisory/ntap-20220818-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220818-0006
13
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5254
14
reference_url https://www.djangoproject.com/weblog/2022/jul/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jul/04/security-releases
15
reference_url https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
16
reference_url https://security.archlinux.org/AVG-2788
reference_id AVG-2788
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2788
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34265
reference_id CVE-2022-34265
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-34265
fixed_packages
0
url pkg:pypi/django@4.0.6
purl pkg:pypi/django@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5k3f-9smv-8bev
1
vulnerability VCID-fwkd-bq8u-9kg8
2
vulnerability VCID-kmv2-339j-8ugc
3
vulnerability VCID-nyy8-t17r-syex
4
vulnerability VCID-qg2s-fuw3-nbda
5
vulnerability VCID-rn9d-fd73-3kb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.6
aliases CVE-2022-34265, GHSA-p64x-8rxx-wf6q, PYSEC-2022-213
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6bct-bfhb-xugt
1
url VCID-bbxx-48nj-pqcd
vulnerability_id VCID-bbxx-48nj-pqcd
summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-45115
reference_id
reference_type
scores
0
value 0.0045
scoring_system epss
scoring_elements 0.63925
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-45115
1
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security
2
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
3
reference_url https://github.com/advisories/GHSA-53qw-q765-4fww
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-53qw-q765-4fww
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
reference_id
reference_type
scores
url https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
6
reference_url https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
reference_id
reference_type
scores
url https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
7
reference_url https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
reference_id
reference_type
scores
url https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
11
reference_url https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220121-0005
12
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
13
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45115
reference_id CVE-2021-45115
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-45115
fixed_packages
0
url pkg:pypi/django@4.0.1
purl pkg:pypi/django@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f2p-wfbs-73hz
1
vulnerability VCID-5k3f-9smv-8bev
2
vulnerability VCID-6bct-bfhb-xugt
3
vulnerability VCID-81q1-gytk-2uaq
4
vulnerability VCID-dcv2-gx5a-pfe2
5
vulnerability VCID-dqkn-1888-y3er
6
vulnerability VCID-fwkd-bq8u-9kg8
7
vulnerability VCID-kmv2-339j-8ugc
8
vulnerability VCID-nyy8-t17r-syex
9
vulnerability VCID-qg2s-fuw3-nbda
10
vulnerability VCID-rn9d-fd73-3kb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1
aliases CVE-2021-45115, GHSA-53qw-q765-4fww, PYSEC-2022-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbxx-48nj-pqcd
2
url VCID-fwkd-bq8u-9kg8
vulnerability_id VCID-fwkd-bq8u-9kg8
summary An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24580
reference_id
reference_type
scores
0
value 0.22718
scoring_system epss
scoring_elements 0.95962
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24580
1
reference_url https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security
2
reference_url https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
reference_id
reference_type
scores
url https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
5
reference_url https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
reference_id
reference_type
scores
url https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
6
reference_url https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
reference_id
reference_type
scores
url https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
21
reference_url https://security.netapp.com/advisory/ntap-20230316-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230316-0006
22
reference_url https://www.djangoproject.com/weblog/2023/feb/14/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/14/security-releases
23
reference_url https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
24
reference_url http://www.openwall.com/lists/oss-security/2023/02/14/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/02/14/1
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24580
reference_id CVE-2023-24580
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-24580
26
reference_url https://github.com/advisories/GHSA-2hrw-hx67-34x6
reference_id GHSA-2hrw-hx67-34x6
reference_type
scores
url https://github.com/advisories/GHSA-2hrw-hx67-34x6
fixed_packages
0
url pkg:pypi/django@4.0.10
purl pkg:pypi/django@4.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kmv2-339j-8ugc
1
vulnerability VCID-rn9d-fd73-3kb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.10
1
url pkg:pypi/django@4.1.7
purl pkg:pypi/django@4.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
3
vulnerability VCID-kmv2-339j-8ugc
4
vulnerability VCID-rn9d-fd73-3kb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.7
aliases CVE-2023-24580, GHSA-2hrw-hx67-34x6, PYSEC-2023-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwkd-bq8u-9kg8
3
url VCID-kmv2-339j-8ugc
vulnerability_id VCID-kmv2-339j-8ugc
summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
reference_id
reference_type
scores
0
value 0.09595
scoring_system epss
scoring_elements 0.93006
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
reference_id
reference_type
scores
url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
5
reference_url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
reference_id
reference_type
scores
url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
6
reference_url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
reference_id
reference_type
scores
url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
7
reference_url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
9
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
10
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
11
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
18
reference_url https://www.debian.org/security/2023/dsa-5465
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5465
19
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
20
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
reference_id CVE-2023-36053
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
22
reference_url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
reference_id GHSA-jh3w-4vvf-mjgr
reference_type
scores
url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
fixed_packages
0
url pkg:pypi/django@4.1.10
purl pkg:pypi/django@4.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10
1
url pkg:pypi/django@4.2.3
purl pkg:pypi/django@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-ctk2-ykg7-h7ag
21
vulnerability VCID-e2p6-m8gu-jbfu
22
vulnerability VCID-em3c-ceug-cubp
23
vulnerability VCID-enen-3w2h-g3b8
24
vulnerability VCID-fbee-vj2y-cfeb
25
vulnerability VCID-heum-8mwz-sbcw
26
vulnerability VCID-j2uz-w2ur-7ud4
27
vulnerability VCID-jma1-9ags-xbfm
28
vulnerability VCID-jt9m-kd3k-uqca
29
vulnerability VCID-kv5d-p5n4-r7dp
30
vulnerability VCID-nyc2-p1rp-xkb4
31
vulnerability VCID-q4cv-2m7d-3qd5
32
vulnerability VCID-sz4x-rr8f-a3hf
33
vulnerability VCID-u15a-4ste-43cy
34
vulnerability VCID-vm2w-caad-nyd3
35
vulnerability VCID-vpgq-jhzc-j7h2
36
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3
aliases CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmv2-339j-8ugc
4
url VCID-nyy8-t17r-syex
vulnerability_id VCID-nyy8-t17r-syex
summary In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23969
reference_id
reference_type
scores
0
value 0.06091
scoring_system epss
scoring_elements 0.90908
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23969
1
reference_url https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security
2
reference_url https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
reference_id
reference_type
scores
url https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
5
reference_url https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
reference_id
reference_type
scores
url https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
6
reference_url https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
reference_id
reference_type
scores
url https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
12
reference_url https://security.netapp.com/advisory/ntap-20230302-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230302-0007
13
reference_url https://www.djangoproject.com/weblog/2023/feb/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/01/security-releases
14
reference_url https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23969
reference_id CVE-2023-23969
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-23969
16
reference_url https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
reference_id GHSA-q2jf-h9jm-m7p4
reference_type
scores
url https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
fixed_packages
0
url pkg:pypi/django@4.0.9
purl pkg:pypi/django@4.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fwkd-bq8u-9kg8
1
vulnerability VCID-kmv2-339j-8ugc
2
vulnerability VCID-rn9d-fd73-3kb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.9
1
url pkg:pypi/django@4.1.6
purl pkg:pypi/django@4.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
3
vulnerability VCID-fwkd-bq8u-9kg8
4
vulnerability VCID-kmv2-339j-8ugc
5
vulnerability VCID-rn9d-fd73-3kb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.6
aliases CVE-2023-23969, GHSA-q2jf-h9jm-m7p4, PYSEC-2023-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nyy8-t17r-syex
5
url VCID-rn9d-fd73-3kb9
vulnerability_id VCID-rn9d-fd73-3kb9
summary In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31047
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32498
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31047
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
reference_id
reference_type
scores
url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
5
reference_url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
reference_id
reference_type
scores
url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
6
reference_url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
reference_id
reference_type
scores
url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
12
reference_url https://security.netapp.com/advisory/ntap-20230609-0008
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230609-0008
13
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases
14
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
reference_id CVE-2023-31047
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
16
reference_url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
reference_id GHSA-r3xc-prgr-mg9p
reference_type
scores
url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
fixed_packages
0
url pkg:pypi/django@4.1.9
purl pkg:pypi/django@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7u6e-a3ng-fude
1
vulnerability VCID-ctk2-ykg7-h7ag
2
vulnerability VCID-e2p6-m8gu-jbfu
3
vulnerability VCID-kmv2-339j-8ugc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.9
1
url pkg:pypi/django@4.2.1
purl pkg:pypi/django@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c7j-evpp-53eb
1
vulnerability VCID-1umb-2rxg-bbdk
2
vulnerability VCID-32d1-b8f2-hud5
3
vulnerability VCID-3d6k-rdsh-k7hm
4
vulnerability VCID-4vry-9jdm-nyg9
5
vulnerability VCID-5fbx-3yfb-fudx
6
vulnerability VCID-62jv-ab6d-sqdb
7
vulnerability VCID-63c7-mkxw-ufav
8
vulnerability VCID-68nb-696n-n3bf
9
vulnerability VCID-7jbt-5zw2-vff2
10
vulnerability VCID-7u6e-a3ng-fude
11
vulnerability VCID-92bp-6kte-tyfs
12
vulnerability VCID-9udu-eqvn-mqbj
13
vulnerability VCID-ape9-66ck-nfez
14
vulnerability VCID-ax7m-uv4s-zkc1
15
vulnerability VCID-bjn5-qpmt-qffx
16
vulnerability VCID-bq5s-uknu-z7cn
17
vulnerability VCID-cbsj-1qqg-1ba6
18
vulnerability VCID-cg44-thdw-cygg
19
vulnerability VCID-chey-b3c1-pbe5
20
vulnerability VCID-ctk2-ykg7-h7ag
21
vulnerability VCID-e2p6-m8gu-jbfu
22
vulnerability VCID-em3c-ceug-cubp
23
vulnerability VCID-enen-3w2h-g3b8
24
vulnerability VCID-fbee-vj2y-cfeb
25
vulnerability VCID-heum-8mwz-sbcw
26
vulnerability VCID-j2uz-w2ur-7ud4
27
vulnerability VCID-jma1-9ags-xbfm
28
vulnerability VCID-jt9m-kd3k-uqca
29
vulnerability VCID-kmv2-339j-8ugc
30
vulnerability VCID-kv5d-p5n4-r7dp
31
vulnerability VCID-nyc2-p1rp-xkb4
32
vulnerability VCID-q4cv-2m7d-3qd5
33
vulnerability VCID-sz4x-rr8f-a3hf
34
vulnerability VCID-u15a-4ste-43cy
35
vulnerability VCID-vm2w-caad-nyd3
36
vulnerability VCID-vpgq-jhzc-j7h2
37
vulnerability VCID-x4s4-qav9-xbet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1
aliases CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn9d-fd73-3kb9
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0a1